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SHAWN POWERS 


Go Go Gadg 


et 


Operating System! 


h, gadgets. | remember back in 1996, 
A Palm Pilot came out and promised 

to streamline our schedules in such a 
way that we easily could get our daily work 
accomplished in half the time it normally took. 
(Yes, | realize the Apple Newton and several 
others offered similar features earlier, but it was 
the Palm Pilot that really took the world by 
storm—at least, my world.) The funny thing 
was that while the organization and portability 
of the Palm did in fact allow us to accomplish 
more in less time, the end result wasn’t lots of 
free time and afternoons on the beach. Instead, 
we crammed more duties into an already- 
cramped day. It’s been more than a decade 
since the Palm Pilot was introduced, and we're 
still using gadget after gadget to cram more 
and more activities into our lives. The good 
news is at least some of the gadgets cram fun 
into our lives as well as work. 

If you're a Linux fan, as we here at Linux 
Journal obviously are, gadgets can be a double- 
edged sword. Although many, if not most, 
gadgets run some sort of Linux as their operat- 
ing system, those very gadgets often are not 
designed to interface with a Linux desktop 
environment! Thankfully, many of them work 
with Linux—either by design or by hack—and 
this month, we talk a bit about both. 

One device, the BlackBerry, doesn’t run Linux 
as its operating system. It also doesn’t support 
syncing with a Linux desktop. Like so many 
other hardware devices, the Linux community 
has wedged the BlackBerry into the list of sup- 
ported devices, in spite of the RIM corporation. 
Carl Fink shows us all the gory details. Cory 
Wright takes us to the other end of the spec- 
trum and shows us the OpenMoko Neo 
FreeRunner phone. This little beauty is open 
from the word go, and of course, it runs Linux. 
Cory tells us the ups, the downs and the 
potential future for a phone that makes other 
“Linux-friendly” phones seem cliché. 

Some gadgets don’t even need computer 
interaction. The Dash Express GPS, for example, 
is an in-car GPS system that connects to the 
Internet all by itself. It runs Linux, and with its 
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on-line access, could prove to be an amazingly 
powerful navigation tool. Luckily, our own Kyle 
Rankin has one, and he tells us all about it. 
Another Linux-running gadget that doesn’t need 
any help getting on-line is Amazon's Kindle. 
Daniel Bartholomew tells us all about his and 
gives us the nitty-gritty regarding viewable con- 
tent, DRM and the “free” EVDO Internet access. 

Technology keeps shrinking and shrinking. 
Although my Palm Pilot back in 1996 was fairly 
limited in what it could do, nowadays, a device 
like the Nokia Internet Tablet isn’t much bigger— 
but boy is it more powerful. Bill Childers shows 
us how to hack around with a Nokia, and Jes 
Hall shows us the Acer Aspire One. Granted 
it’s a bit larger than your standard gadget, but 
the Aspire One can barely be called a laptop. 
Along with the Eee PC, the MSI Wind, the HP 
Mini-Note and a slew of others, it fits into that 
little space of devices called Netbooks. Jes tells 
us all about the one she’s been using and how 
its features stack up. 

For some power users, gadgets are just silly. 
Those folks will likely want to read this month's 
review of Terra Soft’s PowerStation. It's a PPC- 
based workstation unlike anything you've seen. 
Luckily, those power users can still get “gadgets” 
of their own, of the software variety. Marcel 
Gagné shows us a handful of software goodies 
that, although tough to stuff into your pocket, 
will fit on your desktop easily. 

And yes, even if gadgets aren't your thing at 
all, we have our regular cast of columnists writ- 
ing on the topics you know and love. Reuven M. 
Lerner shows us how to speed up database 
transactions with memcached; Mick Bauer 
continues his series on Samba security; Dave 
Taylor finishes off his series on the FilmBuzz 
Trivia program; plus lots, lots more. So, whip 
out your Palm Pilot and schedule time to read 
this issue. You won't be disappointed.m 


Shawn Powers is the Associate Editor for Linux Journal. He's also the 
Gadget Guy for LinuxJournal.com, and he has an interesting collection of 
vintage Garfield coffee mugs. Don’t let his silly hairdo fool you, he’s a pretty 
ordinary guy and can be reached via e-mail at shawn @linuxjournal.com. 
Or. swing by the #linuxjournal IRC channel on Freenode.net. 
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Quad-Core AMD Opteron™ 
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Upcoming Topics 

Why can’t you guys be a little more 
consistent with the focus on topics? 
The ULB issue has been coming out in 
different months in the last few years, 
and it's kind of hit or miss, because | 
can’t seem to find anywhere on your 
Web site a little section that would 
say what's going to be in the next 
issue. And, what is up with the ULBs 
being nothing more than just high- 
end gaming PCs? Whatever happened 
to real workstations? Is nobody using 
those anymore? 


Peter 


You can find our editorial calendar 
with upcoming topics here 
www.linuxjournal.com/xstatic/author/ 
topicsdue. As far as your ULB question, 
we've been working with readers to 
find out exactly what should constitute 
a ULB these days. Stay tuned.—Fd. 


A Rant 

lam having lots of problems with 
installers on recent “Linuxes”. They 
all assume that just because | am 
installing their OS, it will be my 
primary OS. FAIL! My partitions are 
Kubuntu-swap-spare, and | use the 
spare (usually ext3) partition to test 
new OSes. Every time | do so, | have 


to use a live CD to get the bootloader 
straightened out. What a mess! And, 
until | fix it, | can't get any work done 
with my primary OS. 


Slackware gave me a choice: put the 
bootloader in the MBR or in the parti- 
tion superblock. This made chainloading 
easy. Why can’t | get that choice in any 
of the Debian/Ubuntu family? They 
overwrite menu.lst without warning. 

| plan on trying a BSD on the spare 
partition, won't that be fun? 


| also wish GRUB used a single config 
file. Then, | could save that file to a 
thumbdrive and fix things with one 
command, rather than digging out a 
live CD and fumbling with Yet 
Another Shell Syntax. Say what you 
will about lilo, at least it was simple 
and consistent. 


Roland Latour 


Health Care 

As a longtime software developer 
working in health care (health insur- 
ance-related applications), | read 
Doc Searls’ “Why We Need Hackers 
to Fix Health Care” with great inter- 
est [LJ, October 2008]. My company, 
while our software is Windows-based 
and proprietary, struggles daily with 
interoperability issues with systems 
from other vendors with which 

our applications communicate. 

No patient lives are at risk if our 
applications encounter issues as 
described by Doc. 


I'm curious about one thing that Doc 
said. He said that he was “using a 
Web browser on one of the nursing 
workstations there. | was surfing for 
about ten seconds when every screen 
in sight went blue.” Just what was 
Doc doing that caused the issue? Or 
was it mere coincidence of timing? 


Mike Chess 


He was just surfing. Hard to say 
whether it was coincidence or 
timing.—Ed. 
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HP Media Vault Review 
Greetings. | just received my October 
2008 issue of LJ, and one of the won- 
derful articles | saw was the review of 
the HP Media Vault mv series product 
(mv2xxx and mv5xxx products). Having 
played with one for a few months now, 
| was surprised at the amount of research 
that did not go into the review. 


For example, take the failure to mention 
the rather extensive hacking guide post- 
ed at www.k0lee.com/hpmediavault 
and written by one of the HP engineers 
responsible for this product. How can a 
review of these devices fail to mention 
this site? It has links to the source code 
for the product, how to replace a drive, 
re-flash instructions and so on. 


Otherwise, it's nice to see an open-source- 
friendly NAS being reviewed—especially 
one that is open and hackable. 


Ted Johnson 


It was merely an oversight. Thank 
you for pointing out the hacking 
guide.—Ed. 


FoxyTag Update 

Since you recently mentioned some 
interest for the Foxylag speed-camera 
warning system [see New Projects, July 
2008], | invite you to consult the latest 
press release at www.foxytag.com/ 
blog/?p=48. This article has been 
copied in many blogs and some popular 
Web sites, including mashable.com. 


Dr Michel Deriaz 


Linux-Friendly Concerns 

| have been using Linux since the mid- 
1990s when | had to load a huge stack 
of floppies to get a command-line ver- 
sion running. Currently, on my primary 
PC, | dual-boot Windows XP and 
PCLinuxOS. This machine is a five-year- 
old home-built machine with an AMD, 
Socket-A ASUS A7VBX-X motherboard. 
| keep using it, because it works great 
with both XP and Linux. My laptop is an 
old Dell C400 that runs Ubuntu 8.04 
wonderfully well. 


Want energy-efficient 
performance? You want 
me in your computer. 
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LETTERS 


Linux always has worked well for me 
with the hardware of yesteryear, but 
that no longer appears to be the 

norm. | recently decided to build a 
dual-core machine to replace my old 
Socket-A machine. | built up a BioStar 
TF8200 A2+ with 4GB of RAM, a SATA 
primary drive and two more SATA 
drives for a RAID-1 /home. | soon dis- 
covered that today’s new hardware is 
not very Linux-friendly. | have tried 
many distributions and no distribution 
can correctly process audio from the 
motherboard’s onboard Realtek 
ALC888 audio chip combined with the 
NVIDIA support chipset. Likewise, there 
are problems with the onboard NVIDIA 
GF8200 graphics. Only Sabayon Linux 


can use it “out of the box”. It is a 
nightmare. Of course, Windows XP 
runs all of the hardware just fine. 


My issue is that, today, it is very, very 
difficult to build a modern system that 
is Linux-compatible. | encourage you to 
work with motherboard and peripheral 
boards to advertise the products that 
are Linux-compatible. Given the dearth 
of computer makers seriously selling 
Linux computers and the difficulty of 
building a modern Linux-compatible 
system, | am concerned there never 
will be a serious mainstream prolifer- 
ation of the Linux OS. 


Have a photo you'd like to share with LJ readers? Send your submission 
to publisher@linuxjournal.com. If we run yours in the magazine, we'll 


send you a free T-shirt. 


Will Break Windows for Food, submitted by Victor Mendonca (wazem.org) 
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The NILFS2 filesys- 
tem is a new version- 
ing filesystem, hot 


diff -u 


WHAT'S NEW off the presses from 
IN KERNEL Ryusuke Konishi. 
DEVELOPMENT This filesystem does 


continuous data 
snapshotting, so that immediate recovery 
is possible after any inadvertent file dele- 
tion or corruption. The project has the 
support of Andrew Morton, who has 
put it in his own tree for wider distribu- 
tion and testing. At this stage, the on-disk 
data format is nearly stable according 
to Ryusuke, but that will be a key issue 
in getting the code accepted into the 
main tree. Once the code is accepted, 
any changes in disk format almost 
certainly will have to include support 
for all previous formats. In general, this 
is extremely undesirable in a filesystem, 
so it’s likely that Ryusuke will try to finalize 
the data format before submitting the 
code to Linus Torvalds. 

Jonathan Corbet has written lots of 
extremely useful kernel documentation, 
including O’Reilly’s Linux Device Drivers. 
Recently, he wrote a fairly long intro to 
kernel development, intended for 
developers employed by companies who 
support their kernel work. The goal is to 
make sure those companies understand 
what to expect from the developer 
community and from the relationship 
between their engineers and that com- 
munity. This is an excellent document, 
filled with detailed advice and explana- 
tions to help newcomers understand 
how best to get their features into the 
kernel. Jonathan has submitted the 
work for inclusion in the Documentation 


directory of the kernel sources, though 
it also may appear on kernel.org at 
some point. 

The old FireWire wiki, having 
been overrun by spammers, is being 
replaced. Stefan Richter created 
ieee1394.wiki.kernel.org, which is 
already more up to date than the old 
spammy one, and it’s better maintained 
as well. Those pesky spammers! When 
we all have nanotech brain implants, will 
the spammers get into those as well? 

Reporting BIOS bugs to user space 
may be useful or it may just be 
overkill. Thomas Renninger has been 
working on this though. Various sub- 
systems, such as ACPI and PCI, can 
introduce BIOS bugs, and the kernel 
has to sanity-check all of them. 
Thomas’ argument is that user-space 
code would get several benefits from 
having access to the results of this 
sanity checking. Applications would be 
easier to test; they'd be better able to 
respond to the bugs when they were 
encountered; and users debugging 
their systems would be better able to 
identify the problems. Thomas wants 
to log all of these BIOS bugs to the 
system log files, where any user-space 
program could access them. On the 
flip side, as Bjorn Helgaas points out, 
the specific log entries for each of 
these BIOS bugs would have to be 
maintained individually, and new ones 
would have to be created by hand. 
The whole infrastructure would be 
subject to rapid aging, just like on that 
Star Trek episode, except without the 
miraculous cure. But, Andi Kleen 
thought the benefits would outweigh 


the risks, offering various implementa- 
tion suggestions, and even Bjorn had 
implementation suggestions of his 
own. So, it does seem likely we'll be 
seeing BIOS bug logging coming out 
of the kernel soon. 

The MTD subsystem is being 
worked over pretty well to try to sup- 
port Flash drives greater than 2GB. 
Bruce Leonard has been leading this 
charge, although unfortunately, he hit 
some technical obstacles when he 
modified the kernel ABI (Application 
Binary Interface). This is a real no-no, 
but as Tim Anderson points out, it 
may be necessary only to extend the 
ABI rather than actually change its 
existing interfaces. Once Bruce and 
others figure out the right interface for 
it, it’s a dead certainty we'll be getting 
arge Flash drive support in the kernel, 
probably very soon. 

David Woodhouse has been follow- 
ing up on his effort to remove all binary 
firmware from the kernel. This contro- 
versial effort is inspired by the fact that 
it's weird having lots of binary-only 
data in an open-source project. But, 
weird as it is, it's been very convenient 
for kernel developers to have the 
firmware in the tree. David's effort 
involves extracting all those binary 
blobs into a single firmware git reposi- 
tory, which he has now created. He’s 
also opening up the tree not only to 
firmware that has been distributed 
with kernel sources, but also to all 
firmware everywhere that vendors 
want to make available to Linux users. 
So, we'll see what comes of that, and 
whether they run into similar conflicts 
as those between kernel 


USER FRIENDLY by J.D. “Iiliad™ Frazer 


CHIEF, FOR COMPANY, HAVE 
CREATED TRULY WORLD'S 
WERY SMALLEST WEB 


COPYRIGHT©) 2008 J.D. “Hliad™ Frazer HTTP://WWW.USERFRIENDLY.ORG/ 


IT IS OF COURSE RUNNINK 
ON LINUX, USES OWN 
POWER SOURCE, AND IS 
EASILY REPLICABLE. 


OBSOLETE, 
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PITR, THIS LOOKS LIKE 
A PIECE OF FRENCH-FRY. 


developers and GCC devel- 
opers, where members of 
each project blame certain 
problems on the other pro- 
ject, leading to long-term 
disputes. This is less likely 
in David's firmware project, 
as the kernel folks could 
easily just revert to includ- 
ing their selected firmware 
blobs in the kernel again if 
there are any real disputes. 
Time will tell. 

—ZACK BROWN 


The Dell IdeaStorm Index 


The Dell IdeaStorm site 
(www.dellideastorm.com) was an 
inspired move by the company, provid- 
ing a way for the market to tell a 
major supplier what to do, rather than 
the reverse, which has been the 
default for the whole Industrial Age. 
When the site first went up, it sus- 
tained what we might call an Insistence 
on Service Attack by Linux and open- 
source geeks. Since then, however, the 
pressure hasn't let up. At the time of 
this writing (on September 10, 2008), 
the same kind of demand is there. 
What we see with IdeaStorm now is 
a rolling picture—almost a scroll—of 
market demand. Here's the current list in 
the order the items appear on the page: 


Put Ubuntu on the list of operating 
systems when building a PC. 


No more plastic wrap, please. 


BIOS upgrades that don’t 
require Windows. 


Provide Linux drivers for all 
your hardware. 


Standardize power cables for laptops. 
Can we get Studio Hybrid with Ubuntu? 


There should be an option of having 
no trialware on all computers. 


Please make the Ubuntu XPS Notebook 
cheaper than the XPS Vista Notebook. 


Use magsafe power connectors. 


Pre-installed OpenOffice.org | alter- 
native to MS Works & MS Office. 


When you choose not to implement 
an idea, explain why. 


UPFRONT 


Mini 9 Netbook Ubuntu price must 
be cheaper than the XP price with 
same config. 


Have Firefox pre-installed as 
default browser. 


Switch to LED monitors. 

Quit forcing McAfee subscriptions. 

Tell us what Wi-Fi chipset a laptop has. 

Backlit keyboards. 

Stop overcharging on notebook RAM. 

To sum up, customers want practical 
improvements, transparency, promotional 
crap removal and Linux/Ubuntu support 
(the latter shows up four times). Maybe 


some other makers will start listening too. 
—DOC SEARLS 


Expert included. 
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As the head of Sales Engineering for Silicon Mechanics, Ken spends his time developing 
systems and configurations that are directly responsive to our customers’ requests. That gives 
him unique insight into technologies that are catching on and gaining momentum. Lately 


Ken has been engineering a lot of clusters, and they tend to have some things in common. 


First, they are intended for use at a department or workgroup level. Second, they must 
be powerful but compact. Third, they need to be turnkey systems running Linux and the 
ROCKS+ cluster platform by Clustercorp Inc. Finally, they need to be reasonably priced. 


Meet the Hyperform ROCKS+ Integrated cluster by Silicon Mechanics. Hyperform ROCKS+ 
Integrated is the new turnkey cluster certified by Clustercorp Inc. It features a Rackform 
nServ A266 head node, and nServ A2121 and A2121-IB compute nodes, with the latest 
dual-core or quad-core AMD Opteron™ processor technology. Sized to meet workgroup- 


level needs, scalable to meet department- and enterprise-level needs, equipped with 


the latest processor technology, featuring leading cluster software, and with a starting 


configuration price below $30,000, this is the current cluster configuration of choice. 


When you partner with Silicon Mechanics, you get more than high-density, custom- 
fit cluster solutions—you get an expert like Ken. 


ROCKS+ 


INTEGRATED 


Silicon Mechanics and the Silicon 
Mechanics logo are registered 
trademarks of Silicon Mechanics, Inc. 
AMD, the AMD Arrow logo, AMD 
Opteron, and combinations thereof, 
are trademarks of Advanced Micro 
Devices, Inc. 


For more information about the Hyperform ROCKS+ Integrated cluster 
visit www.siliconmechanics.com/rocks. 
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What They’re Using 
Respecting Retro with Robert L. Morgan 


Robert L. “Bob” Morgan reminds me why 
| miss the times when Linux Journal was Robert L. Morgan 
headquartered in Seattle, not far west of 
U-Dub: the University of Washington. RL 
is one of many old UNIX/Linux hands in 
the Alpha Geek circle there. 

| ran into Bob again at Digital ID World 
in September 2008, in one of the few 
open-source sessions held there. He sat in 
the back row, worn laptop on his knees, 
and asked Knowing Questions. So, | imme- 
diately asked him to be the object of our 
subject for this month. Here’s how he ran 
down his goods: 


My laptop is a three-year-old IBM/Lenovo 
ThinkPad X41 (non-tablet), now running 
Fedora 9. | have used a series of “ultra- 
light” ThinkPads for perhaps a dozen years 
(560Z, X21, X31 and now X41), and run 
Red Hat or Fedora Linux on every one. | do 
all my work on my laptop and carry it 
everywhere, so lightness, durability and 
stability are key. This combination has 
worked for me. 


In my job (identity management architect 
for the University of Washington and 
Internet2), | do lots of e-mail (4,000 
messages sent per year, average 200 
incoming per workday). | use Pine, for 
much the same reasons as above for my 
choice of laptop and OS: it’s fast, very 
stable and keeps on working year after 
year. It’s nice to know that the folks 
who write it work upstairs from me, but 
| haven't needed any special support. 


Maybe the most retro choice on this 
machine is the Window Maker window 
manager. It hasn't changed much at all in 
the last several years, but once again, it's 
fast and keeps on working. | live happily 
switching among my 20 virtual desktops 
with well-practiced keystrokes, and don’t 
miss all those fancy features. 


Like anyone else, | use modern full-featured 
apps like Firefox and OpenOffice.org, but 
if I'm not reading or composing e-mail in 

Pine, I’m probably taking notes in Emacs. 

| guess I’m just a retro kinda guy. 


And it’s great to have those guys around. 
—DOC SEARLS 
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LJ Index, 
December 2008 


1. Apache's percentage market share among 
Web servers in August 2008: 49.82 


2. Microsoft's percentage market share among 
Web servers in August 2008: 34.88 


3. Percentage of Netcraft's top ten most reli- 
able hosting companies that run on Linux: 40 


4. Position of Linux-based Hurricane Electric 
among Netcraft’s top ten most reliable 
hosting companies: 1 


5. Number of words in the Walt Disney Internet 
Group's Terms of Service: 5,038 


6. Number of words in the AT&T on-line Terms 
of Service: 10,944 


7. Number of words in the Verizon on-line 
Terms of Service: 8,569 


8. Linux percentage share of the smartphone 
market in Q2 2008: 7.3 


9. Soon-to-be-open-sourced Symbian share of 
the smartphone market in Q2 2008: 57.1 


10. Windows Mobile share of the smartphone 
market in Q2 2008: 13 


11. RIM share of the smartphone market in Q2 
2008: 17.4 


12. Apple iPhone share of the smartphone 
market in Q2 2008: 2.8 


13. Linux adoption percentage at the 14 largest 
investment firms in 2006: 60 


14. Estimated Linux adoption percentage at the 
14 largest investment firms in 2008: 72 


15. Dollars granted by the National Science 
Foundation to Polk Community College and 
University of South Florida Polytechnic to 
create a four-year Linux computer system 
administration program: 812,726 


16. Size in billions of dollars of the global 
advertising market in 2007: 600 


17. Projected size in billions of dollars of the 
global advertising market in 2012: 707 


18. Size in billions of dollars of the interactive 
(mostly on-line) advertising market in 2007: 45 


19. Projected size in billions of dollars of the 
interactive advertising market in 2102: 147 


20. Annual percentage growth rate of interactive 
advertising: 23.4 


1-4: Netcraft.com 
5: disney.go.com/corporate/legal/terms.html 
6: my.att.net/legal/tos 
7: www.verizon.net/policies/vzcom 
8-12: Gartner, via www.tectonic.co.uk 
13, 14: CIO | 15: Orlando Business Journal 
16-20: The Kelsey Group 
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They Saicl It 


I'd rather not waste my time on nostalgia. I’d rather spend it 
on hindsight. 
—Edward Felten, from his talk at US v. Microsoft, 10 Years Later, at Harvard University 


While VMware is in use (www.vmware.com/company/news/releases/ 
cern.html), the primary configuration for machines in the LHC comput- 
ing grid (Icg.web.cern.ch/LCG) is based on the Scientific Linux distribution 
running directly on the hardware. This grid is used to receive and dis- 
tribute the 15PB of data across the 100,000s of CPUs across the world. 
—Tim, a commenter writing from a CERN IP address to an InternetNews.com 
story on the Large Hadron Collider, blog.internetnews.com/skerner/2008/09/ 
large-hadron-collider---powere.html 


Our commitment to Linux has not changed....What's changed is that 
customers will no longer be able to order Lenovo ThinkPads and 
ThinkCentres with pre-installed Linux via the lenovo.com Web site. 
—Ray Gorman, Lenovo spokesman, in an e-mail to Computerworld, 
computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName= 
hardware&articleld=9114485&taxonomyld=12&intsrc=kc_top 


Apple views tennis-shoe DRM as a way to head off what it sees as a 
potential plague of sneaker hacking. 
—Nicholas G. Carr, www.roughtype.com/archives/2008/09/apple_declares.php 


Linux Journal Live! 


the live show, so check back on 
LinuxJournal.com for updates. 
We still have our video how-tos 


Join us at www.linuxjournal.com/ 
live for our live, streaming video 
show. Each show, you'll be able to 


interact with other Linux Journal 
readers and pose questions to 
our editors, columnists or special 
guests. You always can watch 
the recorded show afterward, but 
it is far more fun to join in during 


and reviews you have come to know 
at www.linuxjournal.com/video, 
and we hope you also will join 
us for our live shows as well. See 
you there! 

—KATHERINE DRUCKMAN 


On the Web, Articles Talk! 


Every couple weeks over at 
LinuxJournal.com, our Gadget 
Guy Shawn Powers posts a 
video. They are fun, silly, quirky 
and sometimes even useful. So, 
whether he's reviewing a new 
product or showing how to use 
some Linux software, be sure to 
swing over to the Web site and 


check out the latest video: www.linuxjournal.com/video. 


We'll see you there, or more precisely, vice versa! 
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Going MoBile 


WAP Review calls Linux Journal's mobile site, 
m.linuxjournal.com, “a beauty” and adds, “No 
tiny dumbed-down mobile site, it features just about 
everything found on the full site, including archives, 
commenting, forums and videos in mobile format.” 

For that, we also can thank MoFuse (mofuse.com), 
which hit the streets last summer with a slick 
Linux-based way of cutting the cruft out of 
Weblogs and presenting them readably on 
mobile phones and other handhelds (we gave 
the company a mention in “Laundering Blog 
Layouts for Mobile Devices” in the Upfront section 
of our October 2008 issue). 

Now that MoFuse has put some rubber on the 
road, we thought it was a good time to hit David 
Berube, Founder & Chief Architect of MoFuse, with 
a few questions about his fledgling business and 
Linux’s role in it. 


DB: We are now approaching 14,000 mobile sites, 
and we just raised a seed round of funding from the 
Slater Fund in Providence, Rhode Island—our home 
town. We're moving quickly! 


DB: | chose Linux for a few reasons: 1) it’s powerful 
and can do the job we need at MoFuse really well: 
2) it’s open, and that is key to how I’m working as 
an entrepreneur and how our small team can be so 
efficient; and 3) it’s inexpensive—another key factor 
for a company just starting out. 

Linux being free means a lot to an entrepreneur. 
Using Microsoft would have cost me more to get 
going when compared to a Fedora install. Also, 
there are many avenues out there | can reach out to for free 
and get help—more so on an open platform because it is 
community-driven. When | have a problem, | can almost 
always find the answer using a quick Google search. In the 
past, when | was using Windows servers, the answer or 
solution wasn’t easily accessible. 

Basically, Linux has enabled MoFuse to create what it is 
today and indirectly help foster the mobile Web. I’m sure 
these are things you've heard numerous times before, but 
it is very true for MoFuse. 


DB: Lots of ways, but one that comes to mind is the OpenX 
(www.openx.org) ad server. The OpenX team has done 

a fabulous job with it, and it's a great product. It’s not in 
production, but we are working with it heavily behind the 
scenes to convert it to a mobile ad server. On our side, 
we're making modifications so that we can use it as our 
primary mobile ad server. 
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David Berube 


DB: I'm very excited about Android and the prospects for a 
mainstream open-source mobile operating system using Linux. 
This will lower barriers for smaller companies and help further 
the growth of mobile far beyond where it is today—and hope- 
fully, help drive the handset costs down so more consumers 
can have access to smartphones. 


DB: | don’t know. When | design anything, | do it with two 
things in mind, the user (viewer) and simplicity. | think MoFuse 
reflects that, and my personal blog (blog.daveberube.com) 
certainly does. | like simple; I'm a fan of 37signals because 
of its take on design, and | try to bring that same take 
into projects | work on. But, as you know, some of the 
bigger blogs need to make space for advertising, and that 
can really clutter a design. There needs to be a balance 


between design and revenue. 


DS: | have a hope that mobile 
platforms, as they become more 
popular, will drive development in 
the direction of simplicity. If that 
happens, what will you be look- 
ing for from other developers, 
bloggers, Web site designers and 
your own team? 

DB: With anything, you begin to see 
features creep in. It's a battle every 
developer wages, and it’s not easy. You 
really need to figure out what is needed 
and what isn’t. The good thing about 
mobile is that applications and Web 
sites need to be simple in order for 
them to function. For example, there is 
no mouse, so you must make the user 
interface simple to use in order for 
users to be able to do the things they 
need. 


DS: Speaking of thin and lightweight, 
have you checked out Dave Winer’s 
“news river” concept? The best 
example is nytimesriver.com, which 
Dave put together for the New 
York Times, but which it seems 

to have ignored. 

DB: Yes, | have. It’s straight to the 
point, is what it is. Nothing more, noth- 
ing less—perfect. 


DS: Let’s talk about the iPhone. 
My own view is that Apple has 
created a very slick data device 
that also happens to be a phone. 
It points toward a phone business 
that needs to be a data business. 
Meanwhile, the other phone 
makers have many different 
devices, with many different 
SDKs. This encourages developers 
to come to this one very capable 
platform, even though Apple is 
its one huge gatekeeper. 
DB: Apple really has created not just 
a great device, but a whole new 
concept that flies in the face of the 
carriers, including its partner AT&T. 
Jobs has really leveraged the Apple 
brand to bend carriers to its needs, 
although Apple did cave in a little 
with the iPhone 3G and the forced 
contract with AT&T that subscribers 
now need to sign. 

What | dislike about Apple's 
iPhone and the App Store are its limi- 
tations. Why are there limitations? 


Why can’t a developer create video 
recording software? Why can’t devel- 
opers create navigational software? 
Why does Apple get to be the gate- 
keeper to what gets exposed to the 
users? Why can’t the users be their 
own gatekeepers? 

It also stifles innovation! A company 
isn’t going to invest $100,000 in devel- 
oping new software for the iPhone, if 
there is no guarantee that Apple even 
will approve of the software. Apple 
wants you to invest your time and 
money into developing for its platform, 
but there is always a risk that iPhone 
users never will get a chance to see it 
themselves. If that happens, you virtual- 
ly have no other avenue to get to all 
those millions of iPhone users, except 
maybe marketing it to jail-broken 
phones. | just hope that over time, 
Apple will open up the platform a little 
more. We could really see some cool 
things if it did that. 


DS: Meanwhile, on the Linux side, 
I've discovered some of the phones 
can’t do sound yet. Can they com- 
pete? How? 

DB: That will change. Sound is moving 
forward. If you don't have it now, you 
will have it soon. 


DS: And, you think Android will 
make it happen? 

DB: Hope so. The problem Android is 
going to have is that the carriers are 
still going to try to lock down the 
operating system. It’s going to be an 
OS that is fractured, because it’s not 
going on one single device but on 
many. That means developers are 
going to have to create applications 
that work for devices with and with- 
out a touchscreen, with and without 
a QWERTY keyboard, with 3G and 
Wi-Fi and without. The list goes on. 
That's a challenge, but hopefully what 
Android can do is at least create a 
standard moving forward. 

It’s up to the carriers. If they don’t 
lock down the operating system and 
really let it be a true sandbox for devel- 
opers, I’m positive we will see great 
innovation. The mobile phone is capa- 
ble of doing so much. It's a device that 
we always have with us, and it’s always 
on. It’s the most personal computing 
device we have. 
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Memcached 


Want to make sure your application will scale? Consider memcached, 
which allows you to speed up response time, as well as reduce the 


load on your database server. 


One of the watchwords for modern Web develop- 
ers is scalability. Whether we're following the latest 
news about Twitter's servers or writing our own 
applications, developers always are thinking about 
whether their system will be scalable. 

This issue has been particularly prominent during 
the spring and summer of 2008, as Ruby on Rails 
(my preferred platform for Web development) has 
been criticized for its use of RAM and its relatively 
slow execution speed. The massive server problems 
that Twitter experienced during the first half of 2008 
were widely described as stemming from Twitter's 
use of Rails (despite denials from Twitter's technical 
team) and led to speculation that Rails cannot be 
used for a scalable application. One of the hosts of 
the weekly RailsEnvy podcast makes a point of sar- 
castically saying that “Rails doesn’t scale” in each 
episode, because it was said so frequently. 

There's no doubt that Rails is more resource- 
intensive than many other application development 
frameworks. This is partly due to the need for 
improvements in the Ruby language itself—improve- 
ments that look like they'll be available within the 
coming year. And, it also is true that the Rails 
framework uses more CPU and memory than some 
of its counterparts, such as Django, because of the 
nature of the features that it offers. 

But, there's a difference, | believe, between call- 
ing Rails resource-intensive and calling it inherently 
unscalable. Scalability has more to do with the 
architecture and design of an application, allowing 
it to grow naturally from a single box containing 
both the Web and database servers to a network of 
servers. A Web application written in C might exe- 
cute very quickly and, thus, handle a larger load on 
a single server, but that doesn’t mean the applica- 
tion is inherently more scalable. At a certain point, 
even an efficient C program will reach its capacity, 
and if it isn’t designed with this in mind, the more 
efficient application will be the less scalable one. 

So, | tend to think about scalability as an archi- 
tectural problem, one that ignores the specific 
programming language in which an application 
is implemented, and which is different from the 
issue of execution speed and efficiency. You can 
have highly scalable programs written in an 
inefficient framework, but it does take a bit more 
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discipline and requires that programmers think carefully 
about the way they are writing the code. Even if you're 
starting on a single computer, designing the software 
in a scalable way allows you to distribute the load (and 
tasks) across a number of specialized servers. 

One of the most important issues having to do 
with scalability actually has little or nothing to do with 
the Web application framework on which the pro- 
gram is written. Most modern Web applications use a 
relational database for persistent data storage, which 
means that the database server can be a bottleneck. 
Even if the database server isn’t pushing its limits, the 
fact is that it takes time for a relational database to 
process a query, retrieve one or more appropriate 
rows and send them back to the querying application. 

If your application is highly dynamic, it might use 
as many as a dozen SQL calls for each page, which 
will not only stress your database, but also signifi- 
cantly reduce the speed with which you can service 
each HTTP request. Longer request times mean that 
your users will be drumming their fingers longer 
and that your server will need more processes to 
handle the same number of requests. 

One solution is to use multiple database servers. 
There are solutions for hooking together multiple 
servers from an open-source database (for example, 
PostgreSQL or MySQL), not to mention proprietary 
(and expensive) solutions for commercial databases, 
such as Oracle and MS-SQL. But, this is a tricky 
business, and many of the solutions involve what's 
known as master-slave replication, in which one 
database server (the master) is used for data modifi- 
cation, and the other (the slave) can be used for 
reading and retrieving information. This can help, 
but it isn't always the kind of solution you need. 

But, there is another solution—one that is simple 
to understand and relatively easy to implement: 
memcached (pronounced “mem-cash-dee”). 
Memcached is an open-source, distributed storage 
system that acts as a hash table across a network. You 
can store virtually anything you like in memcached, 
as well as retrieve it quickly and easily. There are 
client libraries for numerous programming languages, 
so no matter what framework you enjoy using, there 
probably is a memcached solution for you. 

This month, we take a quick look at memcached. 
When integrated into a Web application, it should 


help make that application more scalable—meaning 
it can handle a large number of users, spread across 
a large number of servers, without forcing you to 
rewrite large amounts of code. Version 2.1 of Ruby 
on Rails went so far as to integrate memcached sup- 
port into the framework, making it even easier to 
use memcached in your applications. 


Memcached 
As | mentioned previously, you can think of 
memcached as a network-accessible hash table. Like 
a hash table, it has keys and values, with a single 
value stored per key. Also like a hash table, there 
aren't a lot of ways to store and retrieve your data. 
You can set a key-value pair; you can retrieve a 
value based on a key, and you can delete a key. 
This might seem like a limited set of functions. 
And, it is, if you think of memcached as your 
primary data store. But, that’s exactly the point. 
Memcached never was designed to be a general- 
purpose database or to serve as the primary 
persistent storage mechanism for your application. 
Rather, it was meant to cache information that you 
already had retrieved from a relational database and 


that you probably were going to need to retrieve 
again in the near future. 

In other words, memcached allows you to make 
your application more scalable, letting you take 
advantage of the fact that data is fetched repeatedly 
from the database, often by multiple users. By first 
querying memcached and accessing the database 
only when necessary, you reduce the load on your 
database and increase the effective speed of your 
Web application. 

The main cost to you is the time involved in 
integrating memcached into your application, the 
RAM that you allocate to memcached and the 
server(s) that you dedicate to memcached. How 
many servers you will want to allocate to memcached 
depends, of course, on the size and scale of your 
Web site. You might need only one memcached 
server when you start out, but you might well need 
to expand to ten, 100 or even several hundred 
memcached servers (as I’ve heard Facebook uses) to 
maximize application speed and efficiency. 


Using Memcached 
On my Ubuntu system, | was able to install 
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memcached with: 
apt-get install memcached 

Then, | started memcached with: 
/usr/bin/memcached -vv -u reuven 


The -w option turns on very verbose logging, 
allowing me to see precisely what is happening 
from the server's perspective. The -u flag lets me set 
the user under which memcached will run; it cannot 
be run as root, for security reasons. 

Now, let's write a short client program to store 
and retrieve values. I’m going to write the client pro- 
gram in Ruby, although you can use almost any lan- 
guage (including Perl, Python or PHP) that you like. | 
used the memcache-client Ruby gem to connect to 
the memcached server, which | installed by typing: 


sudo gem install memcache-client 


Here is a short program that connects to the 
memcached server, stores a value and then retrieves 
a value: 


#!/usr/bin/ruby 


# Load necessary libraries 
require 'rubygems' 
require 'memcache' 


# Create the memcached client 
CACHE = MemCache.new 'localhost:11211' 


# Set a value 
CACHE.set('foo', 'bar') 


# Retrieve a value 
value = CACHE.get('foo') 
puts "Value = '#{value}'" 


As you can see, the first thing we do is create a 
client to the memcached server. You can specify one 
or more servers; in this case, we indicate that there 
is only one, running on localhost, on port 11211. It 
might surprise you to learn that although memcached 
is described as a distributed caching mechanism, 
the various memcached servers never speak to one 
another. Rather, it is the client that decides on 
which server it will store a particular piece of data, 
and it uses that same algorithm to determine which 
server should be queried to retrieve that data. 

So in this program, we connect to our server, set 
a value (much as we would set it in a hash table) and 
then retrieve it. It’s nothing very exciting, although 
the fact that the memcached server might be on 
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another computer already makes things interesting. 

Here is a slight variation on the previous pro- 
gram. Notice the third argument to CACHE.set, as 
well as the invocation of sleep afterward: 


#!/usr/bin/ruby 


require 'rubygems' 
require 'memcache' 


CACHE = MemCache.new 'localhost:11211' 
CACHE.set('foo', ‘bar', 3) 
sleep 5 


value = CACHE.get('foo') 
puts "Value = '#{value}'" 


This time, the output looks like this: 


Value = 


Huh? What happened to our value? Didn't we set 
it? Yes, we did, but we told memcached to expire the 
value after three seconds. This is one important way 
that memcached makes it easy to be integrated 
into a Web application. You can specify how long 
memcached should continue to see this data as valid. 
By passing no expiration time, memcached holds 
onto the value forever. Allowing the data to expire 
ensures that cached data is valid. 

Just how long you should keep data in the 
cache is a question only you can answer, and it 
probably depends on the type of object you're 
storing. Orders from your on-line store probably 
should expire after a short period, because they 
likely will change as users visit your site. But, infor- 
mation about users is unlikely to change once they 
have registered, so it might make sense to hold 
onto that for a longer period of time. 

It might seem strange for me to be describing 
memcached as a repository for complex objects, 
such as orders or people. And yet, memcached is 
fully able to handle such objects, assuming they are 
marshaled and unmarshaled by the client software. 
Thus, we can have the following short program: 


#!/usr/bin/ruby 


require 'rubygems' 
require 'memcache' 


CACHE = MemCache.new 'localhost:11211' 


CACHE set" foo". (ra, tb, “e". [1,23], 
{:blah => 5, :blahblah => 10}, 


Time. now] ) applications become truly scalable.m 


value = CACHE.get('foo') Reuven M. Lerner, a longtime Web/database developer and consultant, is a PhD 
puts "Value = '#{value.map{ |i] candidate in learning sciences at Northwestern University, studying on-line 
i.class}.join(', ')}'" learning communities. He recently returned (with his wife and three children) to 


their home in Modi’in, Israel, after four years in the Chicago area. 


Sure enough, we see that memcached is happy 
both to set and retrieve values of a variety of classes. Resources 
This means that even if we create a complex class, 


we can store it in memcached and retrieve it later. The home page for memcached is at 
www.danga.com/memcached. This site contains 

Conclusion links to software (server and client), documentation 

Memcached is an important part of nearly any Web and articles about memcached. 

application's strategy for scaling. It can reduce the time 

it takes to access certain types of information dramati- The Ruby client | used is called memcache-client, 

cally, resulting in faster response times for users and and it is available via RubyForge, at rubyforge.org/ 

freeing up the relational database server for other jobs. projects/seattlerb. This page is for all projects run 

Deciding exactly which objects can and should be by Seattle.rb, including memcache-client. 

stored in memcached and determining how long they 

should be kept in the cache before expiring are issues | haven't had a chance to read or review it, but there 

that must be addressed for each individual application. is a book about memcached, unsurprisingly called 
Next month, I'll explain how memcached sup- Using memcached, written by Josef Finsel and 

port has been integrated into Ruby on Rails, making published by the Pragmatic Programmers as a 

it quite easy to take advantage of this technology in PDF-only book in its “Friday” series. 


your own applications—and, dare | say it, help your 
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Gadgets...Sort of 


Gadgets are tools, but referring to a tool as a gadget implies a bit of fun. 


What on Earth is that, Francois? Something to make 
your job easier? Come on, mon ami, let’s be honest. | 
don’t work you that hard. So what does that thing 
do? Quoi? It’s a combination corkscrew, pen, pocket 
knife, compass, notepad, wine thermometer, music 
player and crumber? That's the silliest thing I’ve ever 
heard of. You know | love gadgets as much as you 
do, but | think you outdo me with your choices. Our 
guests are arriving, Francois. Pay attention, and | will 
show you some really useful gadgets. 

Good evening, everyone. It is wonderful to see 
you, mes amis. Welcome to Chez Marcel. Francois 
has prepared your usual tables and was just about 
to get tonight's wine. And, what a wine, mes amis. 
This 2006 wine from Tuscany is produced by 
Ornellaia and goes by the name of Le Volte (Figure 
1). It's a rich, full-bodied, almost chewy red with lots 
of dark fruit on the palate. Your mouth will thank 
you. Francois, you'll find our shipment in the east 
wing of the cellar, near the secret passageway. Vite! 


Figure 1. Tonight's Wine, Sampled and Approved 


These days, software gadgets are designed to 
exploit the eye-candy capabilities of modern sys- 
tems, and we'll look at some of those in a moment. 
But, what if your system isn’t a modern computer? 
What if you have only limited memory and no high- 
end graphics system? Have no fear; I’ve found a 
couple gadgets guaranteed to be resource-friendly 
while still providing little productive value. The first 
is necessary for people using a Linux system who 
feel they may be missing out on that most impor- 
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Figure 2. Every computer needs a Blue Screen of Death— 
sort of. 
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Figure 3. Fish are endlessly fascinating to watch, even 
when they're merely ASCII characters in a terminal window. 


tant of Windows tools. Yes, I'm talking about the 
Blue Screen of Death, lovingly crafted for Linux by 
Folkert van Heusden. 

Get the source from www.vanheusden.com/bsod, 
extract it and then simply type make (or make 
install) to build it. To run it, type bsod. Your 
console, or terminal window, displays the Blue 
Screen of Death. There are no options or flags, 
so it’s very easy to use. 

Of course, the Blue Screen of Death doesn’t do 
much. And, it’s nowhere near as interesting as, say, 
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Figure 4. xfishtank, because people need fish swimming 
across their workspaces. 


watching fish in an aquarium. We've got that taken 
care of as well with our next gadget. In keeping 
with our low-tech, low-end gadget needs, this 
aquarium doesn’t require a graphics card. It’s Kirk 
Baucom’'s ASCIlQuarium (Figure 3). The program 
displays a variety of fish, the occasional sea monster 
or man-eating shark, all in glorious ASCII. 

Believe it or not, ASClIQuarium is included in the 
repositories for various distributions, so you proba- 
bly don’t need to build it. However, source is avail- 
able should you choose to go that route. There is 
no building to be done because ASCIlQuarium is a 
single Perl script. It requires only that you have the 
Curses and Term::Animation Perl modules installed. 
While the aquarium displays its two-dimensional 
life, you can press R to force a redraw, P to pause 
the display or Q to quit. 

If ASCII seems just too, ahem, quaint for a desk- 
top gadget, you'll be happy to know that you can 
get a different kind of aquarium with some nicer 
graphics. Most modern software gadgets tend to be 
small programs that run on your desktop back- 
ground or wallpaper. Sometimes they become the 
background. One such program is xfishtank (Figure 
4), written by Eric Bina. Once again, this is an easy 
program to find in your distribution’s repositories. 

Running xfishtank on most systems is as simple 
as typing the program name. You also can fire up 
your program launcher (Alt-F2), and type xfishtank 
to populate your aquarium. Whether you see some- 
thing right away depends somewhat on the desktop 
environment you are running. Most environments, 
GNOME included, don’t require any additional 
steps, but KDE does need to check with you before 
allowing programs to run on the desktop back- 
ground. Right-click on your desktop, and select 
Configure Desktop from the pop-up menu. When 
the dialog box appears, click the Behavior icon in 
the left-hand sidebar. A three-tabbed window 
appears on the right-hand side. Look near the top 
on the General tab, and you'll see a check box with 
the words Allow programs in desktop window. Click 
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Figure 5. The penguins in xpenguins are an industrious lot— 
floating, skateboarding, drilling, walking, reading and more. 
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that check box, and then click OK. 

| mention this now because you may need it 
again with some of our other gadgets. A lot of the 
newer background gadgets are small programs that 
take up a small portion of your screen, quietly dis- 
playing useful information, such as system load, 
memory usage or network traffic. But, wouldn't 
you rather see Tux running around on your screen, 
walking across your windows, skateboarding or 
parachuting down to your taskbar? Me too. You 
can thank Robin Hogan for writing xpenguins to 
help us out of that productivity conundrum. When 
you run xpenguins, Tux, in all the forms | men- 
tioned, suddenly takes over your screen (Figure 5). 

Should you decide your screen isn’t busy 
enough, you can increase the default number of 
penguins by using the -n flag. That default is 
defined in the current theme. Theme? Did | say 
theme? If those wonderful little penguins vying 
for your attention aren’t enough, you are running 
the right program, mes amis. One of the really 
fun things about xpenguins is that it comes with 
multiple themes. To discover those themes, type 
xpenguins -1 at the command line: 


$ xpenguins -1 
Big Penguins 
Bill 

Classic Penguins 
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COOKING WITH LINUX 


Figure 6. The evil hacker known only as Bill can replace 
those cute little penguins on your desktop. 


Penguins 
Turtles 


To select a particular theme, do the following: 
xpenguins -t Bill 


Figure 6 shows the result. Bill, the famous 
hacker from Red Mond, wanders across your 
screen taking away Linux systems and replacing 
them with his own brand of OS. Yes, this is a 
takeoff of the (in)famous xbill game. 

Even more themes are available. Visit the xpenguins 
Web site, and check out the user-contributed 
themes at xpenguins.seul.org/contrib. Before we 
move on, | want to mention one last flag available 
with xpenguins—the -s flag. That one makes it 
possible for you to squish the characters with your 
mouse cursor. If you find yourself a little squeamish 
at the result, the -b option means no blood. 

| could pass the next one by, but | really need to 
mention it. It’s a little less tasteful, but it’s lots of fun 
if you want to turn off your coworkers. xcockroach, 
written by Nicolas Adenis-Lamarre, generates a vari- 
ety of cockroaches that scurry across your screen and 
hide under your active windows. Move the window 
and the critters run off in all directions. It's pretty dis- 
gusting, but certainly entertaining. Unlike xpenguins, 
there is no squash function. You can, however, 
change themes and behaviors for your roaches. 
For a full list of options, type xcockroach -h. 

Let's get off the nostalgia bus now and take a 
look at the modern state of desktop gadgets. KDE 
4.1's impressive desktop features a new desktop 
shell called Plasma. Plasma is, in a way, the ultimate 
gadget—it’s a gadget that runs gadgets. Inside 
Plasma, you run programs (or widgets or gadgets) 
that appear on the desktop. Each of these programs 
is commonly referred to as a plasmoid. Plasmoids 
are more than programs, however. Each is a con- 
tainment that can contain other plasmoids, all of 
which are, technically, able to communicate with 
one another. Plasma, the desktop shell, is just one 
big containment that contains other plasmoids. The 
panel at the bottom of the screen with its system- 
tray icons, taskbar, clock and program launcher is 
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Run Comr 


Figure 7. A close-up of a roach-infested desktop—luckily, 
getting rid of them is as easy as issuing a kill command. 


yet another containment. Shakespearean fans can 
think of it as a play within a play. 

Plasmoids use scalable vector graphics (SVG). 
These graphics can be zoomed and rotated smoothly, 
meaning that plasmoids can live pretty much 
anywhere on your desktop, in any size and any 
orientation. The result is super-sweet eye candy 
of the gadget variety. 


Note: 


Yes, we have a real issue with this whole gad- 
get thing. It’s called language. Some people 
call them gadgets, and others refer to them as 
widgets. KDE 4.1 calls them both widgets and 
plasmoids. Other environments refer to 
these things as toys. Gadgets and widgets 
and plasmoids and toys, oh my! 


To add a plasmoid to the KDE 4 desktop, click 
on that cashew icon in the top right-hand corner 
of your screen. A small pop-out menu appears. If it 
says Unlock Widgets, make sure you click that first, 
then recall the menu. Now, you should see Add 
Widgets at the top of that menu (Figure 8). 

When you click Add Widgets, a window labeled 


Add Widgets G 


Zoom Out 


Lock Widgets 


Figure 8. Click the cashew to add desktop widgets, or plas- 
moids, or gadgets, or whatever you like to call them. 


Add Widgets appears (Figure 9). It contains a list of 
all the plasmoids installed on your system, and each 
one has a description below its name. Some of my 
favorites include Dictionary, a live desktop word 
lookup; Luna, a moon-phase display; and the 
Twitter Microblogging applet. | also enjoy a variety 
of clocks, including a classic analog clock as well as 


Figure 9. KDE 4.1 plasmoids seriously dress up a desktop. 
Shown here are the KDE Twitter, Luna, binary and analog 
clock, notes, dictionary, calculator and trash plasmoids. 


a binary model. Those little yellow sticky notes also 
are handy. There’s even a plasmoid that pulls in and 
displays your favorite comic strips right on your 
desktop. Figure 9 shows a number of different 
plasmoids running on my desktop. 

While the plasmoids are unlocked, you can pause 
over any of them to fade in the controls (Figure 10). 
Each has a rotate handle, a resize handle and a button 


HPC Your Way 


Intel or AMD. Ethernet or InfiniBand. Linux or Microsoft 

Windows HPC Server. Now you can have a uniform set of HPC compilers 
and tools across all of your x64 clusters. PGI CDK compilers and 

tools are available directly from most cluster suppliers. 

Take a free test drive today at www.pgroup.com/reasons 


PGI CDK Cluster Development Kit 


The Portland Group, Inc. is an STMicroelectronics company. CDK is a trademark or registered trademark of STMicroelectronics. PGI, Cluster Development Kit, and PGPROF are trademarks or registered trademarks of The Portland Group, Incorporated. 
Other brands and names are the property of their respective owners. 
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COOKING WITH LINUX 


Figure 10. Control handles (or buttons) fade in when you 
hover over a plasmoid, letting you rotate, resize, configure 
or close the plasmoid. 


to close the plasmoid. Many, though not all, also are 
configurable and offer a settings icon. 

Running all these cool desktop gadgets is 
great, but what if you've got a dozen windows 
open, and you want to re-read today's comic? 
Minimizing all those windows can be a pain, but 
it's one you don't need to suffer. Press Ctrl-F12, 
and the Plasma dashboard jumps to the forefront 
of your running windows, letting you see and 
interact with any of your plasmoids. 

The last item on tonight’s menu comes from 
those gadget-crazy people over at Google who 
come to us with the aptly named Google 
Gadgets. Unlike plasmoids, you can’t rotate 
them, and they live only on your current virtual 
desktop, but the sheer number of gadgets, not to 
mention coolness factor, makes Google Gadgets 
a must. | was able to install Google Gadgets for 
my system from the Mandriva repositories, so 
check yours first. You also can get the latest from 
code.google.com/p/google-gadgets-for-linux. 

When you install Google Gadgets for Linux, 
you'll find that there are two versions of the code: 
one for the Qt toolkit (KDE) and another for GTK 
(GNOME). When you first run the program (with a 
shortcut command named gg1), an icon appears in 
your system tray. To add gadgets to your desktop, 
right-click the icon and select Add Gadgets. Figure 
11 shows a sampling Google Gadgets running on 
my desktop. There's a nice flowerpot that requires 
you to water and care for the flowers in order for 
them to grow (ignore the flowers and they wither 
and die). If, like me, you never can have enough 
trivia, check out the Absolut Trivia gadget (yes, that 
Absolut), which displays a new piece of trivia every 
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In onder 10 form an 
immaculate 
member of a fiock 
of sheep one must, 
above all, bea 
sheep. 


Download Google Chrome 
Spend lers time typing, and more 


162 Days Left 
Until Bush goes 
Bye Bye! 


That's only 0.44 yer 


Figure 11. A sample of the hundreds of gadgets available 
from Google Gadgets for Linux. 


few seconds. To help me make decisions, I’ve got a 
Magic 8 Ball. The weather, always important, shows 
up in a cool weather globe. And, of course, when 
I've been working too long, the RSI Break gadget 
tells me to take a break. 

One gadget you likely won't need by the time 
you read this is the George Bush “days left in 
office” countdown gadget, which is either a count- 
down to freedom and renewed sanity, or a dark day 
for American politics, depending on where you sit 
on the GBW fence. Although | can’t say for sure, | 
suspect that an Obama or McCain countdown timer 
probably is in the works. 

There are tons of gadgets available, so how do 
you choose? When you select Add Gadgets from 
the system-tray icon, it fires up the Gadget Browser. 
Using the Gadget Browser (Figure 12), you can 
select from hundreds of gadgets, categorized 
according to interest and function, as well as new 
and updated gadgets. Those created by Google 
have their own category. 

For instance, click on Lifestyle, and you will be 
able to choose from more than 150 gadgets that 
do all sorts of wonderful things, including display 
horoscopes, recipes, quotes from various sources 
or pictures from the world’s greatest beaches. You 


let us all drink to one another's health. A votre 
santé! Bon appétit/= 


Figure 12. Google’s Gadget Browser lets you select from sev- 
eral categories of gadgets, including those created by Google. 


know, that last one doesn’t sound half bad. 

Well, mes amis, | fear it is that time again. The 
hour is late, and closing time is upon us. As you 
have seen, useful tools need not be all business, just 
as business in this fine restaurant is, in fact, much 
closer to pleasure. With one of the world’s finest 
wine cellars and undoubtedly the finest waiter in 
the world, how could it be anything else? Speaking 
of whom, Francois, kindly refill our guests’ glasses a 
final time. Please, mes amis, raise your glasses and 


Marcel Gagné is an award-winning writer living in Waterloo, Ontario. He is the 
author of the Moving to Linux series of books from Addison-Wesley. Marcel is also 
a pilot, a past Top-40 disc jockey, writes science fiction and fantasy, and folds a 
mean Origami T-Rex. He can be reached via e-mail at marcel@marcelgagne.com. 
You can discover lots of other things (including great Wine links) from his Web 
sites at www.marcelgagne.com and www.cookingwithlinux.com. 


Resources 


ASCllQuarium: robobunny.com/projects/asciiquarium/html 
BSOD: www.vanheusden.com/bsod 


Google Gadgets for Linux: 
code.google.com/p/google-gadgets-for-linux 


KDE Plasma Wiki: techbase.kde.org/Projects/Plasma 
xcockroach: xcockroach.free.fr 

xpenguins: xpenguins.seul.org 

Marcel’s Web Site: www.marcelgagne.com 


Cooking with Linux: www.cookingwithlinux.com 


13-53 Speed Up Multiple SSH Connections to the Same Server 


If you run a lot of terminal tabs or scripts that all need to make 
OpenSSH connections to the same server, you can speed them 
all up with multiplexing: making the first one act as the master 
and letting the others share its TCP connection to the server. 

If you don’t already have a config file in the .ssh directory 
in your home directory, create it with permissions 600: 
readable and writeable only by you. 

Then, add these lines: 


Hostess: 
ControlMaster auto 
ControlPath ~/.ssh/master-%r@%h:%p 


ControlMaster auto tells ssh to try to start a master if 
none is running, or to use an existing master otherwise. 
ControlPath is the location of a socket for the ssh processes 
to communicate among themselves. The %r, %h and %p are 
replaced with your user name, the host to which you're 
connecting and the port number—only ssh sessions from the 
same user to the same host on the same port can or should 
share a TCP connection, so each group of multiplexed ssh 
processes needs a separate socket. 


To make sure it worked, start one ssh session and keep it 
running. Then, in another window, open another connection 
with the -v option: 


~$ ssh -v example.com echo "hi" 


And, instead of the long verbose messages of a normal ssh 
session, you'll see a few lines, ending with: 


debug1: auto-mux: Trying existing master 
hi 


Pretty fast. 

If you have to connect to an old ssh implementation that 
doesn’t support multiplexed connections, you can make a 
separate Host section: 


Host antique.example.com 
ControlMaster no 


For more info, see man ssh and man ssh_config. 
—DON MARTI 
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FilmBuzz Trivia Goes Live 


Wrapping up the Twitter movie trivia game. 


| was sure last month that we'd wrap up this film- 
trivia Twitter game, but, as you'll recall, | ended that 
column with “Oh. We've run out of space. Again.” 
This month, I'll skip the prelude and jump in. 
You should follow the triviabot at twitter.com/ 
FilmBuzz, and you can find back columns on 
the Linux Journal Web site if you need to get 
up to speed. 


Command-Line Tweets 

Last month, | ended by showing you a rudimentary 
solution to sending out twitters on the command 
line that looked like this: 


#!/bin/sh 

# tweet - command line twitter interface 

user="filmbuzz"; pass="acctpasswd" 

msg=$(echo $@ | sed 's/+/%2B/g;s/ /+/g') 

$curl --silent --user "$user:$pass" --data-ascii \ 
"status=$msg" "http://twitter.com/statuses/update.json" \ 
> /dev/null 


With that available, sending Twitter updates is as 
easy as typing: 


$ tweet "My favorite film? Probably Lawrence of Arabia" 


@gmanreviews | know all about obsessed cricket fans. I'm 


And, it's off into the ether (Figure 1). 

So, clearly you can send tweet messages from 
the command line. In previous columns, we also 
pulled all the pieces together to be able to output 
trivia questions to standard out (stdout). 


Let's Put It Together 

We have two command-line shell scripts that we 
need to put together: one sends its input as a mes- 
sage to Twitter, and the other actually generates a 
trivia question. Here’s the latter, in action: 


$§ generate-trivia-question.sh 
Film Trivia! Was the movie "Schindler's List" 
released in 1993, 1994 or 1996? 


There are a bunch of ways to put them together, 
but I'm partial to subshells using the $( ) notation. 
So, here’s how | can output the very first real live 
programmatically generated trivia question to the 
FilmBuzz Twitter account: 


$ ./tweet $(bash generate-trivia-question.sh) 


And, Figure 2 shows the output. 
Hu-bloody-rah! Finally. 


Making It a Cron Job 

Now that we have a command-line-based 
method of generating and disseminating movie 
trivia questions via Twitter, we need to automate 


English born. :-) 
FilmB uzz 27s ago via twhirl in reply to gmanreviews 


j My favorite film? Probably Lawrence of Arabia 
FilmB uzz about 1m ago via web 


cl Tons of buzz on "The Hurt Locker" (about Iraq), but distro 


the process, because | am not going to log in 


"| Film Trivia! Was the movie "The Philadelphia Story" released in“ © 
1939, 1940 or 1951? 


FilmB uzz just now via web 


Summit won't be releasing it until next spring or summer. Quitea 
delay... 


@gmanreviews | know all about obsessed cricket fans. I'm 
English born. :-) 
FilmB uzz about 5m ago via twhirl in reply to gmanreviews 


FilmB uzz about 1h ago via web 


My favorite film? Probably Lawrence of Arabia 
FilmB uzz about 6m ago via web 


Tons of buzz on “The Hurt Locker" (about Iraq), but distro 
Summit won't be releasing q 


Figure 1. Notice the middle tweet. That's us! Figure 2. The topmost entry is our trivia question. 
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We have two command-line 
shell scripts that we need 
to put together: one sends 
its input as a message to 
Twitter, and the other actually 
generates a trivia question. 


every few hours and type that command on the 
command line! 

The tool of choice for any sort of automation, 
of course, is crontab. If you're reading Linux 
Journal, | imagine you're already familiar with it, 
but if not, read the man page for this powerful 
utility (man crontab). 

For all its strengths, crontab requires that you 
have a simple invocation, and | generally like to 
write a script specifically targeting that crontab 
entry—ike this: 


#!/bin/sh 

# film trivia crontab job 
tweet="/home/filmbuzz/trivia/tweet" 
generateq="/home/filmbuzz/trivia/generate-trivia-question.sh" 
question="$(/usr/local/bin/bash $generateq) " 

$tweet "$question" 

exit 0 


Easy enough. This can, of course, be run from 
the command line to test it, but what we really 
want to do is run it from crontab to see if all the 
paths and file permissions are correct, so it can 
run unattended. 

To create or edit a crontab file, type crontab 
-e. I'm going to send out only two trivia 
questions each day: one at 11am and one at 
3pm. The format of crontab entries is a bit 
tricky though, as the time and date recurrence 
requirements are specified as minute, hour, 
day-of-month, month and day-of-week, followed 
by the command itself. Fields you don't want 
to specify can be left as an asterisk (a wild card). 
So, if | want to run this command seven days 
a week at 11am and 3pm, | can most easily 
specify it as: 
OTL 15. ee trivia-cronjob 

That's not quite right, though, because generally 
you can count on cron jobs having a far more trun- 
cated PATH than you're used to interactively, so 
every path should be specified (including in any 


— 


) “Following Device updates OFF 


Film Trivia! Was the movie "The Ox-Bow 
Incident" released in 1937, 1943 or 1951? 
[via crontab] 


1 minute ago from web 


Film Trivia! Was the movie “Eternal Sunshine of the Spotless Mind” 
released in 2002, 2004 or 2006? 28 minutes ago from web 


This is weird news: “Terminator Salvation” will digitally wrap 
Schwarzenegger's face onto someone else's body for the film. 37 minutes 
ago from web 


Film Trivial Was the movie “The Philadelphia Story” released in 1939, 
1940 or 1951? 38 minutes ago from web 


script that’s executed). Here’s what | actually have in Figure 3. See 
my crontab: the topmost entry. 
It lives! 


0 11,15 * * * $FBDIR/trivia/trivia-cronjob 

Oh, there’s one more wrinkle. My server runs in 
UTC (Universal Time, Coordinated, aka Greenwich 
mean time), so when it's 11:22am here in Colorado, 
my server thinks it’s 17:22:41 GMT 2008. 

Because crontab uses the system time, | need to 
adjust my specified times to meet my expectations, 
moving from 11,15 to 17,21. Otherwise, we're 
good to test! 

Hmm...nothing happened. A quick check of my 
e-mail reveals the cause: 


/home/filmbuzz/trivia/trivia-cronjob: permission denied 


That's easily fixed with a chmod call (Figure 3). 

As you can see in Figure 3, that fixed the 
problem, and now we've got a live trivia-question- 
injection system that scrapes the Internet 
Movie Database, figures out the correct and 
two likely, but incorrect, release years and puts 
it out on Twitter. 

Next month, we'll finally move to a new script- 
ing topic. And, in the meantime, if you want to 
enjoy the fruit of our extended labor and try your 
hand at film trivia, follow @FilmBuzz on Twitter at 
twitter.com/filmbuzz.a 


Dave Taylor is a 26-year veteran of UNIX, creator of The Elm Mail System, and 
most recently author of both the best-selling Wicked Cool Shell Scripts and 
Teach Yourself Unix in 24 Hours, among his 16 technical books. His main Web 
site is at www.intuitive.com, and he also offers up tech support at 
AskDaveTaylor.com. Follow Dave on Twitter through twitter.com/DaveTaylor. 
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MICK BAUER 


Samba Security, Part Il 


Build a secure file server with cross-platform compatibility. 


Last month, | began a multipart series of articles on 
how to build a secure file server based on Samba for 
local (non-Internet-facing) use. | gave an overview 
of file server security goals, described why Samba 
might be the best tool for the particular job of 
serving “network drives” to clients on different plat- 
forms connected to a Local Area Network, defined a 
number of Samba acronyms and concepts, and 
explained how to install the Samba server daemons, 
client utilities and its configuration GUI, Swat. 

This month, | expand upon our usage scenario 
and begin demonstrating how to construct an 
smb.conf file that executes this scenario in a secure 
fashion. As usual, | cover not only security, but also 
how to get things working in general—it isn’t 
helpful to be told how to secure a process that isn’t 
behaving the way you expect in the first place. 


Usage Scenario 

As | explained last month, we want to build a 

convenient and secure file server that supports 
both Windows and Linux (and other *nix) clients. 


To use more Samba-specific terms, our 
server will operate with “user-mode” 
security, using a combination of local 
Linux/UNIX user account information 
and Samba-specific hashes of those 
users’ passwords to authenticate 


access to workgroup resources. 


Specifically, we want to build a non-Internet-facing 
Samba file service that supports several different 
levels of security: Guest (anonymous) access, 
read-only access for some authorized users and 
read/write access for other authorized users. 

To use more Samba-specific terms, our server 
will operate with “user-mode” security, using a 
combination of local Linux/UNIX user account infor- 
mation and Samba-specific hashes of those users’ 
passwords to authenticate access to workgroup 
resources. A workgroup, you may remember from 
last month, may include shares provided by multiple 
Samba servers, but each server in that workgroup 
must maintain its own user database independently 
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(which is why Domains and Active Directories are 
better choices than workgroups for more complex 
environments). Accordingly, our sample workgroup 
will use a single server. 

To flesh out our example scenario still further, let's 
suppose I’ve got a boardinghouse and my tenants are 
a trio of FBI special agents: Skippy, Knute and Pepe. 
Being fond of my cooking, they keep a close watch 
on my weekly meal schedule, which | post on my 
Samba server every Sunday night—you can bet 
nobody works late any evening on which tater tots 
will be served. This schedule is a public document, as 
far as I'm concerned (I'm vain about my cooking). 

If my resident agents help mow the grass, feed 
the hedgehogs and tune the piano, they get a break 
on rent. So, | also maintain a schedule of chores they 
all can read, but which, of course, | don’t want them 
to be able to change themselves (imagine the out- 
rage if Pepe always got to feed the hedgehogs). 

Besides, being secret agents after all, these guys 
don’t want anyone else to know who'll be outside 
raking the compost on any given Saturday—you 
never know when the enemies of freedom might 
strike. So, the chore schedule is private, and it can 
be read but not altered by my tenants. 

Finally, unbeknownst to the boys, their boss has 
asked me to log their Web-surfing activity from my 
firewall. Although the joke’s on him (they all use TOR), 
these logs are nonetheless super-secret. Actually, those 
logs probably don’t belong on any file server at all, 
but sometimes | amuse myself by adding fake entries 
to Skippy’s log (“GET HTTP://thesharperimage.com/ 
expensive_gifts_for_your_boss.html”), so my 
firewall stores them on a restricted share on the 
Samba server. 

To summarize, | need to create a workgroup 
(I'll call it FED-CENTRAL) with four user accounts 
(skippy, Knute, pepe and mick) and three file 
shares (SUPPER, CHORES and BUZZ-OFF). 


Samba Configuration: Global Settings 
With that, we are ready to go. Assuming you suc- 
cessfully installed the Samba server and client pack- 
ages per last month's instructions, the first step in 
configuring Samba is to set some global variables. 
There are two different ways to configure Samba. 
The first is by editing /etc/samba/smb.conf directly 
using your text editor of choice, and then restarting 
the smbd and nmbd Samba daemons. You very well 
may gravitate to this method as soon as you're 


comfortable with Samba, because it’s the quickest 
and most direct way to change Samba’s behavior. 

Lately, I've become a big fan of the second way, 
however: Swat, the Samba Web Administration 
Tool. If you're scandalized by my endorsing a graph- 
ical tool that requires you to set a root password 
(which, by default, doesn’t exist on Ubuntu systems), 
see last month's column. Suffice it to say that in 
this case, I’m not talking about an Internet-facing 
system, and the educational benefits of Swat outweigh 
its security risks here. 

Besides, Swat really isn’t a crutch; it simply presents 
you with a Web form for assigning values to all possi- 
ble variables in smb.conf, with convenient Help but- 
tons that send you directly to the appropriate section 
of the relevant man page. The more you use Swat, the 
more comfortable you'll be editing smb.conf directly. 
How many GUls can you say that about? 

I'm going to assume you had no problems with 
the instructions | provided last month on installing 
Samba and Swat, including configuring and restart- 
ing inetd, and that Ubuntu users were able to stom- 
ach issuing the sudo passwd root to set a root 
password. (And, even if you weren't, or simply pre- 
fer not to use Swat, all of what follows still should 
be useful, because the variables and values in my 
Swat screenshots and examples are the same as 
those contained in smb.conf.) 

Running Swat is easy. Simply start your browser 
of choice, and point it to http://localhost:901/. The 
first thing you'll see is Swat’s Home page, which 
consists of a row of navigation buttons (Home, 
Globals, Shares, Printers and so forth). These appear 
on every one of Swat's screens, but unique to the 
Home page is a list of links to local man pages, 
HOWTOs and even complete books. | leave it to 
you to explore those; this page leads to a wealth 
of useful information for Samba users at all levels 
of skill and experience. 

For now, however, let’s dive right into Samba’s 
global settings. If you click the Globals button, and 
then scroll down to where the actual settings begin, 
you should see something like Figure 1. 

Obviously, we want to change the value of 
workgroup from WORKGROUP to FED-CENTRAL. 
The default for netbios name, however, is the 
hostname Samba automatically read in from 
/etc/hostname, and you usually can leave that alone, 
although you don’t have to. This is the name that 
turns up in people’s “network neighborhood” 
browser when they look for your server. 

The default value for security, which is user, 
also is exactly what we want. The same is true of 
encrypt passwords being marked yes. 

The next two variables, however, client schannel 
and server schannel, need to be changed. Schannel 
refers to the secure channel method of allowing 


Samba Web Adminstration lool» Mozilla Firetox 


Bile Edit View History Bookmarks Tools Help 
e»- @ [x] a {6} httpyfocalhost:901/globals 


@) Samba Web Adminis... % [e) Debian User Forums... 9€ |e) smb.conf 
Reset Values 


Re ca- Samba security x 
3 8 netlogon schannel's... ¢ > 


Commit Changes 


Base Options 
workgroup Set Default 


realm Set Default 
netbios name CASA_DE_MICK Set Default 
netbios aliases | | Set Default 
server string 
interfaces 

Security Options 
security USER 
auth methods 
encrypt passwords 
client schannel 
server schannel 
map to guest 


WORKGROUP 


Set Default 
Set Default 


‘%h server (Samba, Ubuntu) 


> Set Default 
Set Default 
Yes ~ Set Default 
Auto + Sot Dofault 
Auto» Set Default 


Bad User > Set Default 


Figure 1. Some Global Settings 


Samba Web Administration Tool = Mozilla Firetox 


File Edit View History Bookm@tks Tools Help 


€¢>- tx) & Mtpsocalhost:sor/globals ey Ge a 
©) Samba Web Admini... > (6) httpi/foc...feho9.html jf (6) Chapter 2, Fast Star... { [o)smbconf = 


Help obey pam restrictions Yes - Set Default 2 


Help passdb backend tdbsarm Set Default 
Help guest account nobody Set Default 
Help pam password change Yes + Set Default 

Help passwd program Jusribinipasswd %u Set Default 


‘Help = passwd chat 
Help unix password sync 


*Enter\snew\s*ispassword:* %ni\n *Retypelsnew\s*\sp Set Default 
Yes ~ Set Default 


Help valid users mick, knute, pepe, skippy, nobody Set Default 
Help admin users mick Set Default 
Help read list knute, pepe, skippy Set Default 
Help write list mick Set Default 
Help printer admin Set Default 
Help _ hosts allow Set Default 
Help _— hosts deny Set Default 
Help preload modules Set Default 


Logging Options : 
httpulocalhost:901/swathelp/manpages/smb,conf,S.html#PASSWOCHAT 


Figure 2. More Global Settings 


Samba clients to log on to Samba servers, and 
we don’t want this to be optional. We want it 
to be mandatory. Therefore, for both of those 
variables, we should change the value from 
auto to yes. 

The last variable shown in Figure 1 is map to 
guest. That value tells Samba under what circum- 
stances it should grant guest access to a client 
that has just had a failed login attempt. Samba’s 
default for this is normally never, which effectively 
disables guest access. But, as you can see in 
Figure 1, on my Ubuntu system, the default value 
actually is Bad User, which means that if people 
try to log on with a nonexistent user name, 
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they'll be given guest access. 

If you scroll farther down on Samba’s Global 
page, you should see something like Figure 2. 

Continuing through these global settings, obey 
pam restrictions implies that Samba will honor PAM 
(Pluggable Authentication Modules) settings. But in 
practice, if encrypt passwords remains set to yes, 
Samba will ignore PAM altogether. 

passdb backend specifies what type of database 
Samba should use to store its password hashes. The 
default (todsam) is usually the best choice. 

guest account is the local Linux account that 
will be used for clients who fail authentication, 
as | described earlier when talking about map to 
guest. passwd program, passwd chat and unix 
password sync involve how and whether Samba 
mediates end users’ attempts to change their 
passwords via Samba (Windows file sharing) ses- 
sions. Leave these at the default settings unless 
you don’t want users to be able to change their 
passwords that way. 

By now, you may be wondering, what's the dif- 
ference between Samba’s password database and 
the list of hashes stored in /etc/shadow, given the 
fact that they correspond to the same set of local 
user accounts? The short answer is, Samba 
(SMB/CIFS) uses an authentication protocol with 
which UNIX password hashes are not compatible. 

The bad news is that Samba’s password 
database is, thus, totally redundant with Linux’s, 
and it creates the potential for users having to 
remember two different passwords. The good news 
is that if passwd program and passwd chat are set 
correctly (which they should be by default, if you 
use your Linux distribution’s official Samba pack- 
ages), and unix password sync is set to yes, Samba 
automatically will update users’ Linux passwords 
every time they change their Samba password. 

(| talk about this more in the next section.) 

Moving on, valid users allows you to specify a 
list of Linux/UNIX user accounts to which you want 
to grant access to Samba shares. The default value 
"" (null) results in all local Linux accounts being 
valid. For our example scenario, I’ve set valid users 
to mick, knute, pepe, skippy and nobody. 

admin users allows you to grant superuser 
privileges on all shares for one or more local user 
accounts, regardless of Samba or Linux file permis- 
sions on that share. Be careful with this setting! It 
has the effect of executing local commands as root 
on behalf of such users. In Figure 2, I’ve specified 
mick as an admin user, because | often use that 
account for system administration tasks anyhow. 

read list allows you to specify which users should 
have default read-only permissions on shares. As 
you can see in Figure 2, I’ve set our read list to 
knute, pepe and skippy. 
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Similarly, write list specifies a list of users who 
should have read-write privileges by default. I've set 
that value to mick. 

printer admin is out of the scope of this article 
for now (though | may cover printer shares later in 
this series). hosts allow and hosts deny, however, 
are noteworthy. They allow you to create TCP 
Wrappers-style access control lists. hosts allow is a 
whitelist of IP addresses, network addresses, host- 
names or domain names that should be allowed to 
connect by default (assuming successful authentica- 
tion, of course). 

hosts deny is a blacklist, also consisting of IP 
addresses, network addresses and so forth, whose 
members won't even be permitted to attempt authen- 
tication. Samba will break any connection attempted 
by any host matching this list. The hosts_access(5) man 
page provides complete information about the syntax 
of the values of these two variables. 

And, that’s it for global settings, for now. To 
write the changes we've made to our working 
/etc/samba/samba.conf file, click Swat's Commit 
Changes button. 

Some of the variables you set to custom strings, 
such as valid users, may not appear when the 
screen refreshes. To see them, simply click the 
Advanced View button (next to Change View To: 
near the top of the page). 


Setting Up User Accounts 
The last task we've got space for this month is set- 
ting up our user accounts, and there are four steps: 


1. Create the accounts under Linux. 

2. Assign those accounts Linux passwords. 

3. Create Samba password database entries for each. 
4. Have the users change their Samba passwords. 


Step one is to use whatever method you usually 
use to create user accounts on your system—either 
by using your system administration GUI of choice 
(such as GNOME’s Users and Groups applet) or via 
the commands useradd, userdel and so forth. 

For example, to create Pepe's account, | could 
use the following command. Note the sudo, neces- 
sary for Ubuntu. On other distributions, su to root 
before executing these commands, and omit the 
sudo that each begins with here: 


bash-$ sudo useradd -c "Pepe" -m -g users pepe 
This creates the user account pepe with the 


comment Pepe, automatically creates a home direc- 
tory (/nome/pepe) and assigns it to the group users. 


Regenerating smb.conf in Debian/Ubuntu 


What if, in the process of tinkering with 
your Samba configuration, you so com- 
pletely lose track of what you've changed 
versus what you started with that you 
want to begin again with the default 
/etc/samba/smb.conf file? And, what if 
you failed to create a backup copy of 
smb.conf before you changed it? 


You might think Swat could do this. Swat 
has default buttons next to each configu- 
ration option. Clicking a default button is 


supposed to replace your custom value 
with the value from the default smb.conf 
file included with Samba. However, in my 
own experience, the behavior of these 
buttons is erratic. Sometimes null values 
are (incorrectly) returned, and clicking the 
default button for every option is time 
consuming anyhow. 


My advice is that if you’re using Debian 
or one of its derivatives, such as Ubuntu, 
and you need a fresh smb.conf file, you 


should completely un-install the pack- 
age samba-common, and then re-install 
it. (This also will result in things that 
depend on samba-common to be 
un-installed, so note which packages 
you'll need to re-install after you've 
restored samba-common.) 


In between removing and re-installing 
samba-common, you may want to check 
/etc/samba to make sure smb.conf is 
truly gone, and delete it if it isn’t. 


To be extra paranoid, you could insert the string -s 
/bin/false after -g users, which will disable nor- 
mal Linux logins for Pepe's account, making it use- 
less for anything other than Samba access. 

Step two is to set each user's Linux password, 
like this: 


bash-$ sudo passwd pepe 


Obviously, you need to communicate whatever 
password you set here to Pepe in a secure fashion, 
and Pepe will need to change this password to 
something you don’t know. (But that part happens 
in step four.) 

Step three is to use the smbpasswd command to 
create each user’s Samba password database entry, 
like so: 


bash-$ sudo smbpasswd -a pepe 


You'll be prompted to set and confirm Pepe's 
Samba password, after which the new account will 
be added. It's probably a good idea to use the same 
initial password here that you used in step two. 

Finally, you'll want Pepe to log in to the system 
(assuming you didn’t set his shell to /bin/false) and 
issue the following command: 


pepe@casademick$ smbpasswd 


Pepe will be prompted for his old password, 
his new password and confirmation of his new 
password. Assuming all three of those are good, 
Samba will change both Pepe’s Samba password 
and his Linux password accordingly. Note that 
this synchronization does not occur when you 
create a new Samba password entry as root, 
using the -a flag. 

If Pepe has an invalid shell, such as /bin/false, 


you'll have to let him sit at your console while you 
type the command sudo smbpasswd pepe, and 
then turn your back while he changes his password. 
You'll then need to do the same thing with the 
command sudo passwd pepe, because Samba 
does not synchronize Linux/UNIX passwords if you 
execute smbpasswd as root. 


Conclusion 

We've specified our usage scenario, set up some 
basic global settings using Swat and started adding 
users. Next month, we'll create the actual shares, 
but if you can’t wait until then, you'll have no prob- 
lem figuring out how using Swat’s ample documen- 
tation. The “Official Samba 3.2.x HOWTO and 
Reference Guide” (see Resources) also may help. 
Have fun, and be safe!m 


Mick Bauer (darth.elmo@wiremonkeys.org) is Network Security Architect for one 
of the US's largest banks. He is the author of the O'Reilly book Linux Server 
Security, 2nd edition (formerly called Building Secure Servers With Linux), an 
occasional presenter at information security conferences and composer of the 
“Network Engineering Polka’. 


Resources 


Christopher R. Hertel’s On-line Book Implementing 
CIFS, a Comprehensive Source of Information on All 
Things CIFS/SMB-Related: www.ubiqx.org/cifs 


“The Official Samba 3.2.x HOWTO and Reference 
Guide”: us1.samba.org/samba/docs/man/ 
Samba-HOWTO-Collection 


Did you know Linux Journal maintains a mailing list where list 
members discuss all things Linux? Join LJ’s linux-list today: 
http://lists2.linuxjournal.com/mailman/listinfo/linux-list. 
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Mutt and Virtual 


Folders 


Why limit yourself to searching for messages within one folder in mutt? 
You are a few short shell scripts away from multifolder searching bliss. 


If you didn’t already know, |’m a mutt- 
addict\HAHAHAHAHuser. At this point, | can’t 
even remember when | started using mutt. All | 
do know is that every time | try another mail 
client, | just get frustrated by how long it takes 
to go through my e-mail. Well, that, plus try to 
navigate a GUI e-mail program with vi key bind- 
ings—it (usually) doesn’t work. 

Why try other mail clients if | love mutt so 
much? Well for one, some of the other mail 
clients do have a few interesting features, such 
as virtual folders. With a virtual folder, you can 
create a keyword search, and then all messages 
that match the search end up in a special folder 
you can browse. Well, it turns out, the same 
functionality is available in mutt if you use 
maildirs and are willing to do a little scripting. 

One major problem with the default search 
abilities in mutt is that you can search within 
only one folder at a time. | store just about 
everything that’s important in e-mail, and | have 
many different folders with even more procmail 


With a virtual folder, you can create a 
keyword search, and then all messages 
that match the search end up ina 


special folder you can browse. 


rules to sort incoming mail between them. The 
downside to this is occasionally | can’t remember 
exactly in which folder a particular e-mail message 
is located. 

The solution to the mutt search problem 
takes advantage of the fact that if you use 
maildirs on your mail server, each folder is a 
directory on the server, and each e-mail message 
is a file within that directory. Basically, a script 
can go through each of your folders and grep 
for your keyword and then create a new maildir 
with symlinks to any matching files. | named my 
solution maildirsearch, and it looks something 
like this: 
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#!/bin/sh 


MAILDIRS="$HOME/mail" 
VFOLDER="search" 
VFOLDERPATH="$MAILDIRS/$VFOLDER/cur/" 
FOLDERS='1ls $MAILDIRS | egrep -v 
"search|flagged"- 


rm -f $VFOLDERPATH/* 


for i in $FOLDERS 


do 
for j in ‘egrep -1R "$@"  $MAILDIRS/$i° 
do 
In -s $j $VFOLDERPATH/; 
done; 
done; 


Next, | created another script called muttsearch 
that would execute my maildirsearch script, then open 
a new instance of mutt that reads the new virtual 
search folder. One nice feature of using this method is 
that | can see the search results grow within the mutt 
window and start reviewing results immediately: 


#!/bin/sh 


VFOLDER="search" 

$HOME/bin/maildirsearch "$@" & 

sleep 1; 

mutt -f "=$VFOLDER" && killall maildirsearch >/dev/null 2>&1 


Finally, | set up a key binding in mutt so that | 
could press Esc-S, type in a keyword (or regex) and 
start the search: 


macro index \eS "<shell- 
escape>$HOME/bin/muttsearch \"" 
macro browser \eS "<shell- 
escape>$HOME/bin/muttsearch \"" 


Now, there is a downside to this script—it's 
designed to be run on the server that stores the mes- 
sages. In my case, | use a tool called offlineimap to 
sync my remote e-mail server with my laptop, so | 


always have a copy of my messages locally. If you don’t want 
to go that route, but want to be able to search from your local 
machine, you potentially could modify my muttsearch script so 
that it SSHes into your mail server and executes the script. 

The script actually works well for me, but | realized after 
some time that | did a lot of the same searches over and over 
again. For instance, | am a heavy user of the “flag for follow- 
up” function in mutt. If you are in the message index and 
press the F key, it sets a flag on the message and displays an 
exclamation point in front of it. | use this to remind myself 
that | need to reply to a message. The downside to this is 
that | have to go to a particular folder regularly to see the 
flag, and sometimes | want to see all of my flagged messages 
at once. It turns out that the same virtual folder concept | 
used for my search works well for this too. 

First, | created a script called flag-folder. When you flag an 
e-mail in a maildir system, the e-mail gets an F added after the 
last comma in the filename. Basically, my flag-folder script 
searches through all my maildirs for files that match the pattern 
and then symlinks those files into a new maildir named flagged: 


#!/bin/sh 


This script finds all the flagged e-mail in a 
Maildir and symlinks them to a 'flagged' folder 
in the Maildir. 


# 
# 
# 
# To run it every 5 minutes, for instance, add the 
# following to the user's crontab 

# 

# 


i ee /home/greenfly/bin/flag-folder 
MAILDIR="$HOME/mail/" # path to your maildir 
FLAGGED="${MAILDIR}/flagged/cur" # path to your 

# (precreated) flagged folder 


cd $FLAGGED 
rm ${FLAGGED}/* 


# find all the files in the maildir, then search for 

# flagged files (files with an F after the last comma 

# in the filename) and symlink them 

find ${MAILDIR} -type f | perl -ne '$foo = '""; $foo = 
(split ",", $_)[-1] if(/,/); if($foo =~ /F/) {chomp 
system "In -s § .\n";}' 


As you can see in the comments in the script, you also 
simply can set this up as a cron job on your mail server so that 
your flagged folder is updated constantly. Then, | created a 
script similar to my muttsearch script called muttflag that basi- 
cally does the same functions, except for the flag-folder script: 


#!/bin/sh 


VFOLDER="f lagged" 
$HOME/bin/flag-folder & 
Sleep 1; 

mutt -f "=$VFOLDER"; 


Finally, | created another key binding so that pressing 
Esc-F executes the muttflag script: 


macro index \eF "<shell-escape>$HOME/bin/muttflag \n" 
macro browser \eF "<shell-escape>$HOME/bin/muttflag \n" 


There are a lot of other possibilities when you use virtual 
folders in mutt. So far, the only big downside | have found is 
that because the script uses symlinks, any flags applied to 
messages within virtual folders don't apply to the real mes- 
sage. For instance, if you reply to a message within a virtual 
folder, it updates the filename for the symlink, but not the 
file it links to. Essentially, this means you lose that reply flag 
unless you go to the original folder and reply. 

Apart from the downsides though, I’m pretty happy with 
virtual folders in mutt. Once again, it’s faster than searches 
I've seen in other clients, plus | get to keep my vi key bind- 
ings, which you can have when you pry them from my cold, 
dead IBM Model M keyboard.m 


Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and the author 
of a number of books, including Knoppix Hacks and Ubuntu Hacks for O'Reilly Media. He is 
currently the president of the North Bay Linux Users’ Group. 


Low Cost Panel PC 
PPC-E7  ——_— 


* Cirrus ARM9 200MHzCPU 

* 3 Serial Ports.& SPI 

* Open’ ramelDlesagin 

¢ 3 USB 2.0 Host Ports 

¢ 10/100 BaseT Ethernet 

¢ SSC-12S Audio Interface 

¢ SD/MMC Flash Card Interface 

¢ Battery Backed Real Time Clock 

¢ Up to 64 MB Flash & 128 MB RAM 

* Linux with Eclipse IDE or WinCE 6.0 

* JTAG for Debuging with Real-Time Trace 2.6 Kernel 
¢ WVGA (800 x 480) Resolution with 2D Accelerated Video 
¢ Four 12-Bit A/Ds, Two 16-Bit & One 32=Bit Timer/Counters 


Setting up a Panel PC can be a puzzling experience. However, 
the PPC-E7 Compact Panel PC comes ready to run with the 
Operating System installed on Flash Disk. Apply power and 
watch either the Linux X Windows or the Windows CE User 
Interface appear on the vivid color LCD. Interact with the PPC-E7 
using the responsive integrated touch-screen. Everything works 
out of the box, allowing you to concentrate on your application, 
rather than building and configuring device drivers. Just Write-It 
and Run-lt. Starting at $495 

For more info visit: www.emacinc.com/panel_pc/ppc_e7.htm 
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) NEW PRODUCTS 


Good OS's gOS Gadgets 


gOS Gadgets, from the company Good OS, has been upgraded to Version 3. gOS 
Gadgets utilizes the diminutive and open-source Google Gadgets for the Linux platform 
to help PC OEMs make more affordable, consumer-friendly Netbooks and Nettops. New 
in the upgraded gOS Gadgets is an expanded, more stable release of Google Gadgets } 
for Linux that offers users access to more than 100,000 Google and iGoogle Gadgets / », 
that decorate the desktop with live, personalized Internet content. It also features a i: é 
unique user interface with big icons that launch Google applications in Mozilla 

Prism, a browser that makes Web applications feel more like desktop applications. ——— al 
gOS Gadgets is available for free download from Good OS’s Web site. 


www.thinkgos.com 


Promise Technology’s SuperTrak 
EX16650 16-Port RAID Controller 


Promise Technology stresses comprehensive Linux support on its new 16-Port 
RAID Controller, the SuperTrak EX16650. The EX16650 and the rest of the 
SuperTrak EX RAID controller family now officially supports more than 15 differ- 
ent Linux kernel distributions in addition to the company’s open-source Linux 
drivers. The devices also now have native “inbox” driver support in all major 
Linux distributions. The EX16650 provides 16 ports of SAS/SATA connectivity, 
eliminating the requirement for a separate expander in most applications. Promise 
says the controllers are ideal for enterprise data solutions, such as enterprise 
storage servers, network backup, disk-to-disk backup, security and surveillance, 
video editing and digital content creation. 


www.promise.com 


Terracotta 


The open-source Java clustering solution Terracotta has added a tick to the tenths column, landing at Version 2.7. 
The makers of Terracotta claim their application lowers costs and simplifies Web application deployment by reducing 
development effort and easing the load on application servers and databases, making it a solution well suited for 
scaling critical applications. Because Terracotta offers “the performance of local memory with the high availability 
of a database”, it eliminates the “unyielding performance and reliability trade-offs that constrain many Java 
applications today”. Version 2.7 also extends support of the Spring framework and the Glassfish application 
server, plus features that enhance scalability, performance and operational visibility. 


www.terracotta.org 


‘s” TERRACOTTA 


Fonality’s HUD Unified 
Communications Platform 


In telecom news, Fonality recently announced it will provide its HUD 3.0 unified 
communications software to the open-source trixbox Community Edition (CE) 
platform. Trixbox is the world’s largest free and open-source telephony project. 
As a result, trixbox CE users will enjoy presence management and detection in 
a single interface for all types of office communications, including SMS, instant 
message, land-line calling, mobile calling, chat, voice mail, e-mail, conferencing, 


ae recording and barging. They also will have a “secure and affordable way to support 


remote and home-based workers”, says Fonality. Fonality adds that its contributions 
will “bring the polish of the HUD 3.0 unified communications platform, which 
is in use by more than 100,000 paid users, to the trixbox community”. 


| 


www.fonality.com 


40 | december 2008 www.linuxjournal.com 


NEW PRODUCTS 


Ravi Kothuri and Albert Godfrind’s Pro Oracle 
Spatial for Oracle Database 11g (Apress) 


Apress is venturing into the under-published topic of geospatial data management with its new book Pro 
Oracle Spatial for Oracle Database 11g, by authors Ravi Kothuri and Albert Godfrind. The book is targeted at 
software developers who want to develop applications using Oracle’s extensive built-in support for working 
with spatial, or geocoded, data. The book addresses issues such as the special nature of spatial data and its 
role in professional and consumer applications; the modeling, storing, accessing and analyzing of spatial data; 
the Oracle Spatial solution and the integration of spatial data into enterprise databases; and how spatial 
information is used to understand business and support decisions. Other topics include the SDO_GEOMETRY 
data type, geocoding of data, map creation, network modeling and optimizing analysis of spatial data. 


www.apress.com 


Matthew Scarpino’s Programming the Cell 
Processor (Prentice-Hall) 


The Cell processor is the linchpin that enables the world’s fastest supercomputer, IBM’s Roadrunner, so 
it likely will add wings to your application too. Matthew Scarpino’s new book Programming the Cell 
Processor, published by Prentice-Hall, shows how to create applications that harness the power of IBM's 
powerful Cell processor. Oriented toward game developers, graphics programmers and engineers, the 
book covers everything from the Cell’s advanced architecture to its tools and libraries, presenting code 
examples that help you gain a deep understanding of Cell development. Topics include mastering the 
Cell SDK, understanding Cell’s PPU, programming the Synergistic Processor Unit and more. 


www.informit.com 


te Encode vides a Sothink’s Video Encoder 
————,) ; Engine for Adobe Flash 


4 — * If your next mission is to bump off YouTube with your 


own video-hosting site, Sothink hopes you'll choose its 
new solution, Video Encoder Engine for Adobe Flash, to 
shane Hideo aha erentea do so. This Linux-based encoder can convert nearly any 
your own video hosting site popular video format to FLV and can be utilized on Web 
servers, blogs, forums and other interactive sites. The 
product also enables advanced video editing, batch conversion, quality control and other tasks with CGI or any other server-side 
scripting language. A demo video-hosting site, complete with source code and written in PHP, is included. Other functions include 
full control of video and audio quality and characteristics. 


= 


Upload video of any formats 


www.sothinkmedia.com 


Astaro’s Mail Gateway 


Astaro offers that its new Mail Gateway appliance trumps its competitors by being “the only 
security vendor that provides e-mail encryption free with its mail gateway solution”. Targeted 

at small- to medium-size businesses, the Mail Gateway also features virus protection and 
remote exchange access and runs transparently at the gateway to eliminate need for employee 
action. Removing individual employees from the encryption process, says Astaro, significantly 
lowers the chance that confidential data may be sent accidentally in plain text across the Internet. Astaro’s 
encryption is based on standards, such as S/MIME, OpenPGP and TLS, and allows for scanning of encrypted e-mail for 
malware. In addition, Astaro’s solution complements traditional antispam technologies with reputation-based filtering. 


www.astaro.com 


Please send information about releases of Linux-related products to newproducts@linuxjournal.com or New Products 


c/o Linux Journal, 1752 NW Market Street, #200, Seattle, WA 98107. Submissions are edited for length and content. 
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SF new rrosects 


Fresh from the Labs 


OpenNetAdmin— 
AJAX/Browser- 
Based Network 
Manager 


(opennetadmin.com) 

Born out of dissatisfaction with expen- 
sive commercial tools and the direction 
taken by most network admin pro- 
jects, OpenNetAdmin (ONA) takes a 
different approach to network admin- 
istration while making the task of 
administration a little bit nicer in the 
process. Project founder Matt Pascoe 
found commercial tools, such as 
Lucent QIP, Infoblox and Bluecat, to be 
okay, but they’re expensive and clunky 
for certain tasks, and they don’t follow 
the *nix principal of modular function- 
ality. All of the open-source tools he 
found, such as IP-Plan/IP-Track, had 
big usability issues, and the Java 
interfaces always annoyed him, so 

a Web-based AJAX interface made 
more sense. After coming up with 

a bunch of cool ideas and methods 
with his former coworkers, Matt 
couldn't let all of them go to waste, 
so he re-created his own variant that 
would work in a general sense for 
the Open Source community. 

ONA is meant to play a more 
authoritative role in your environment. 
Many tools want to go into a discovery 
mode and tell you what is in your net- 
work, while all the time adjusting your 
data. In contrast, ONA tells the network 
what it should have in it. This way, you 
can (hopefully) trust your own data to 
help you configure your environment 
the way you want it, but still utilize 
things like DHCP and its dynamic 
nature. ONA also is designed to help 
with auditing your network, and it’s 
geared toward helping configure your 
routers/switches/firewalls/nagios/cacti 
or pretty much anything for which you 
want to create an output template. 

The GUI also is an important element 
of ONA, designed to flow easily with 
familiar elements, such as pop-ups, 
search as you go and so on. 

Installation First, you need a basic 
LAMP installation of Apache, MySQL and 
PHP, or you'll be going nowhere fast. 


Matt recommends installing 


the following packages: o-9-4-C0S* tom e 
2 Onc Search en z Sm val 
[Freee sae SS ] 
@ libapache2-mod-php5 eae ' 
Record Counts you are wondering where 1 © You are on the offical stable version! (v08.08.16) 
3 | Sere cen tse « tyouneedtser animes ok ere 6 
9] G csetnc conan on 
@ php5-mysql preter 9 | 1 Senesion « Yoocan seo be man pes oad 
2 
@ php5 ° 
HM apache2 


@ mysql-server 


Once you've got the 
LAMP side of things sorted 
out, head to the ONA Web 
site, grab the latest tarball 
and save it somewhere 
locally. Once the download 
has finished, open a terminal in the 
directory where you saved the tarball, 
and enter the following commands as 
root or using sudo: 


# tar -C /opt -zxvf ona-v00.00.00.tar.gz 
# In -s /opt/ona/www /var/www/ona 

# touch /var/log/ona. log 

# chmod 666 /var/log/ona. log 

# chown www-data /opt/ona/www/local/config 


(If you know what you're doing here 
and use a different Web server user, feel 
free to replace the user name.) 

These steps should cover most cir- 
cumstances, but alternative steps can be 
taken if you prefer more customization 
or if it simply doesn’t work on your 
system. Check the installation documen- 
tation under docs/install in ONA‘s tarball 
for more information. 

Usage ONA is a browser-based pro- 
gram, so open up your favorite browser 
and head to http://<servername>/ona. If 
you don’t know your server name, local- 
host should work in most cases. This 
should take you to a License Agreement 
screen, but if you get a request to save 
a PHTML file instead, try another browser 
and check that PHP is installed properly 
(on my Ubuntu machine, for some rea- 
son it didn't work on Firefox, but it 
worked straightaway in Konqueror). 
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Network administration made clean and simple with 
OpenNetAdmin. 


After the License Agreement, 
you'll go to a screen where you need 
to assign passwords to the default 
users and user names (which you can 
change if you prefer). There also will 
be a number of prerequisite checks— 
ensure that they are set to Yes. After 
that, you now should be on the main 
ONA screen. When you start out in 
the main screen, you will be acting as 
a Guest by default, so you need to log 
in as admin. Click in the field near the 
top right where it says Guest, and 
enter admin in that field. After you've 
done that, a password box appears; 
enter admin there as well. 

Now that you're all set up, it’s time 
to explore. In the middle of the screen is 
a group of the main tasks you will be 
performing, such as Add a DNS domain, 
Add a new host and so on. If you look 
at the top left of the screen, there's a 
button called Tools. This contains a 
menu of all the tasks just mentioned 
as well as a host of other options. 
However, the most important option is 
Admin Tools (which also happens to be 
in the top center of the screen). This has 
some powerful options, such as man- 
aging DHCP, device models and roles, 
subnet types, users, groups and more. 
Information on pretty much every ONA 
networking task is available in some 
form or another, and some kinds of 
information seem to be available in 
lovely pie-chart form—perfect for 
boardroom types. 


Unfortunately, | just don’t have the 
space in this column to give this pro- 
gram justice, so hopefully we can 
cover it in a more detailed form some 
time in the future. ONA is chock-full 
of options; the GUI is pretty nice to 
use, and the aesthetics are pleasant— 
all of which will hopefully draw some 
new users into the world of Net 
administration. Nevertheless, some 
potential users may run away in fear 
of the command line, so hopefully, the 
installation process will benefit from 
distro-specific packages in the future 
(and in turn, hopefully, ONA will make 
its way into major distributions soon 
as a great admin tool). And, for those 
who want to jump in and try it without 
going through all the nasty installation 
stuff, check out the on-line demo 
(demo.opennetadmin.com). 


Vocatra—Text- 
Mode Vocabulary 
Trainer 


(vocatra.esite.ch) 


I'm always keen to bring you ever more 
niche-market stuff, and here's the latest 
little project I’ve found. Vocatra is a 
vocabulary trainer with a twist. It works 
in a terminal as text only—no GUI. I’m 
guessing there’s a demographic for 
that—perhaps an Apache system 
administrator who wants to brush up 
on five minutes of Japanese while he’s 
logged on by Telnet. 


@ nhoj: ban vA x 
fle Eat View Scrolmeck Boohmerks Settings Help 


Vocabulary training by command line? Guess 
so, it’s Vocatra! 


Installation Deb and RPM pack- 
ages are available at the Vocatra Web 
page, as well as a source package, and 
as usual, | cover the source version here 
for the sake of remaining bleeding 
edge. Grab the latest tarball from the 


Web site, extract the contents, and 
open a terminal in the new directory. 
Compilation is a doddle, as it's the 
standard process of: 


$ ./configure 
$ make 


And, as root or sudo: 
# make install 


Usage Once the source has com- 


piled and installed, start the program 
by entering vocatra. However, it will 
return an error message about missing 
a vocabulary file. This is normal, and 
for the moment, you will need to 
make your own vocabulary file. It 
sounds like a pain, but it’s genuinely 
easy to do, and it allows you to define 
the words with which you want to 
train, as opposed to some projects 
that just grab random words from 

a dictionary file (where you're just 

as likely to come across words like 


(9) ValuePack (always included) 


> 24/7 live customer service 
> 24/7 ticketing system 
| > Personal account manager 
> Lots of bandwidth 
> Free OS reloads 


> Free Rapid Reboot 


STEVE CHEN Founder | YouTube 


serverbeach.com 


() ServerBeach 


by geeus, for geexs™ 


Linux servers from 


When YouTube first started to experience its 
exponential growth and our hosting needs changed, 
ServerBeach offered us great flexibility. They continually 
redesigned our streaming architecture for optimum 
performance while keeping our hosting costs in check. 


> Free Rapid Rescue 


> Super fast PEER 1 network 


> Rock-solid IT infrastructure 


> 100% uptime guarantee 
> Choose your data center - East 


Coast, West Coast and Central 


.800.741.9939 


A PEER 1 COMPANY 
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NEW PRODUCTS 


Projects at a Glance 


Kuklomenos—Weird Space 
Shooter? 
(mbays.freeshell.org/kuklomenos) 


Kuklomenos—if you work out this game, 
let me know! 


Kuklomenos has to be one of the 


weirdest games I've ever come across. 


I'm not doing a full review here, 
because | simply can’t figure it out! 
If you want to compile it, go right 
ahead; it’s easy with the usual 
./configure, make, make 
install routine. But, once you get 
into the game, be prepared to be 
puzzled. | think it’s a space shooter, 
because the background is black, but 
that’s just a guess! Your goal is to 
fight off blobs with a strange control 
scheme that involves zooming, 
rotation and fire accuracy—all in a 
playing style that’s like Asteroids 
rewritten by a French existentialist 
on crack. Intrigued? Check it out! 


GnoMint—Graphical 
Certification Authority 
Management, X.509 


(gnomint.sf.net) 


Unfortunately, | couldn’t bring this 
project to you properly this month, 
as project maintainer David Marin 
Carrefno ran into some security holes 
that needed plugging before it was 
ready for the mainstream. However, 
the end results of this project look 
promising. Imagine you're trying to 
establish an IPsec VPN. If you want 


some actual security, you need X.509 
certificates for all employees. At this 
point, you either can buy the certifi- 
cates from an external CA (which 
costs money), or you can establish 
your own CA. Establishing your own 
CA always has been a bit of a pain. 
With OpenSSL, you need to use a 
console and log commands with a 
lot of obscure parameters. You could 
use other programs for managing 
CAs, but most of them are Web- 
based, and all you really want is a 
simple GUI application. GnoMint 
steps up to the plate here with a 
simple app that fits the bill nicely. 


AMIDE—A Medical 
Imaging Data Examiner 
(amide.sourceforge.net/index.html) 


HM O16 do eR) ei ee 


After running out of plot lines, CSI has 
turned its efforts to dead mice. 


| was instantly taken by the screen- 
shots for this program. AMIDE is a 
tool for viewing, analyzing and reg- 
istering volumetric medical imaging 
data sets. It uses the GTK+ toolkit 
and runs on any platform that sup- 
ports GTK+. Follow the link to the 
main page, and you'll be greeted 
with some amazing screenshots of 
what appears to be the human 
body and various anomalies. Follow 
the link to Sample Data Sets, and 
you'll see scannings of fluoride- 
injected mice that you can examine 
in full morbid detail! Whether 
you're scanning Ripley for gestating 
aliens or even using it for standard 
medical analysis (but that’s just silly), 
AMIDE may be just for you! 


helicopter and prophylactic in the 
same lesson instead of something 
more pertinent). To make a vocabulary 
file, simply make a new text file and 
enter any words you want to train 
with the following syntax: 


Foreign word=meaning1,meaning2,meaning3,etc. 
Here's an example from the Web site: 
Chef=chief,boss 


The foreign words and native 
definitions are separated by an equal 
sign (=), and multiple synonyms are 
separated with a comma (,). If you 
want to make any comments in the 
text file, add a number sign (#) in 
front of a line (in keeping with the 
style of most modern programming 
and scripting languages). Check here 
for an example file in German and 
English: vocatra.esite.ch/examples/ 
animals-de-en.txt. 

Once you have made your vocabulary 
file, you can start Vocatra by entering 
the following: 


$ vocatra vocabulary-file.txt 


Vocatra now presents the words 
you want to train with, and it's up to 
you to provide the answers. Once 
you've finished the lesson, a summary 
at the bottom of the screen tells you 
how many words you covered, how 
many mistakes you made, your error 
rate and the time it took you to 
complete the lesson. 

Ultimately, this is a great little niche 
program that's going to make a geek 
somewhere very happy. And, given its 
iny size and simplicity, | can’t see why it 
wouldn't be included in good educa- 
ional distros. Hopefully, a community of 
users will pool around this program, as 
it would be great if someone took the 
ime to make a series of lessons that 
you could use right off the bat (rather 
han making your own). 


John Knight is a 24-year-old, drumming- and climbing- 
obsessed maniac from the world’s most isolated city—Perth, 
Western Australia. He can usually be found either buried in an 
Audacity screen or thrashing a kick-drum beyond recognition. 


Brewing something fresh, innovative or mind-bending? Send e-mail to knight.john.a@gmail.com. 
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HARDWARE 


OpenMoko’'s Neo FreeRunner: 
Open to the Core 


The Neo FreeRunner has it all—Wi-Fi, Bluetooth, accelerometers—and best of 


all, it runs Linux. CORY WRIGHT 


Okay, I'll admit it. | have a love-hate relationship with the 
Neo FreeRunner. But please, let me explain. 

For more than a month now, | have carried the FreeRunner 
around with me. It is just such a cool little gadget, and | love 
what it represents: a completely open mobile device, the 
hardware and all. For those who are not familiar with it, the 
Neo FreeRunner is the highly anticipated mobile phone from 
the folks at OpenMoko. Although its previous phone, the Neo 
1973, was targeted at hard-core developers, the FreeRunner 
“is a Linux-based touchscreen smartphone ultimately aimed at 
general consumer use as well as Linux desktop users and soft- 
ware developers”. 


OpenMoko’s Neo FreeRunner 
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Even though the goal is eventually to have a general- 
purpose, consumer-friendly phone, the FreeRunner is not 
quite ready for the prime-time phone market just yet. The 
OpenMoko team is fully aware of this, and became slightly 
uneasy when they learned that Linux Journal wanted to write 
a review. As such, the aim of this article is not to talk much 
about the FreeRunner as a phone, but rather as a handheld 
Linux device for developers. 


A Dream Device 

A Linux geek couldn't ask for a better-equipped device than 
the FreeRunner. It comes with a 40QOMHz ARM processor, 
256MB internal Flash storage, 128MB RAM and a microSD 
card slot for extra storage. The wireless capabilities of the 
FreeRunner also are impressive. It comes with tri-band GSM 
(with the option of either 850MHz or 900MHz on the low 
end), as well as GPRS, Bluetooth and Wi-Fi (using the Atheros 
AR6K chipset). To make things even more fun, the OpenMoko 
crew included two accelerometers and an assisted GPS chip. 
The device is a little bulky though, as it measures in at 
120.7x62x18.5 millimeters and weighs around 180 grams. 
The FreeRunner is available on-line from openmoko.com for 
$399. If you plan to use it for serious development, you also 
may consider purchasing the $99 debug board that can be 
used to access the serial console. 

One of the more exciting features is the FreeRunner’s ability 
to boot from microSD cards. This means you can test other 
Linux distributions by installing them on microSD cards without 
formatting the main distribution that is installed in Flash. This 
flexibility is very exciting, and it offers an easy way to try 
before you buy. 

The hardware definitely is appealing, but the most attrac- 
tive thing about the FreeRunner is that it was built to run 
Linux. Although the official distribution of the FreeRunner is 
OM 2008.8, other options are available. Trolltech, the creators 
of Qt, produce the Qtopia distribution that runs very well on 
the FreeRunner. And, if you prefer a less-watered-down distri- 
bution, you'll be glad to learn that Debian also is available, in 
almost its entirety. Recently, an effort to port Gentoo to the 
FreeRunner has been started, and I'm sure other distributions 
will follow suit soon. 


As a Phone 
As I've said, | don’t plan to spend much time talking about the 
FreeRunner as a phone. However, any review of a device that 


is sold as a phone wouldn't be complete without at least cov- 
ering the basics. Unfortunately, the basics are about all there is 
to go on. The call quality is rather poor, and recipients of calls 
reported lots of static and popping on their end. Also, the 
interface is quite awkward, especially for advanced features, 
such as call waiting. There is no clear way to adjust the vol- 
ume, because there is no hardware volume control button. 
Text messaging is incredibly tedious, due to the impossibly 
small on-screen keyboard. 

There is a lot of room for improvement with the phone 
software. Much work needs to go into improving call 
quality before | would consider using the FreeRunner as 
a primary phone. 


As a Geek Toy 

Because | decided not to use the FreeRunner as a phone, | 
thought it might be more interesting to install a full-featured 
Linux distribution. | chose Debian, as it is easily available, 
has a wide selection of packages and is the distribution 
with which | have the most experience. 

The easiest way to install Debian is to run the install.sh 
shell script that is available from the DebianOnFreeRunner wiki 
page. You need to have an already-working installation of 
Linux installed on your FreeRunner, and it needs access to the 
Internet. You can use your desktop Linux PC or an installation 
of Linux in a virtual machine, such as VMware Fusion on 
Mac OS X. 

It is quite easy to route traffic from a FreeRunner through 
a Linux PC. Each of the available distributions use the same 
default networking configuration and give the FreeRunner an 
IP of 192.168.0.202. Plug the USB cable in to the FreeRunner 
and your PC, and run the following commands: 


# iptables -A POSTROUTING -t nat -j MASQUERADE -s 192.168.0.0/24 
# sysctl -w net.ipv4.ip_forward=1 
# ifconfig usbO 192.168.0.200 


If your network is already using 192.168.0.0/24, you may 
need to use a different subnet mask. Once the USB network 
link is up, you should be able to SSH into the FreeRunner as 
root, with a blank password: 


# ssh root@192.168.0.202 


You may find that DNS is not resolving correctly from 
within the FreeRunner. To correct this, simply add an OpenDNS 
cache address to the FreeRunner’s /etc/resolv.conf: 


# echo nameserver 208.67.222.222 >> /etc/resolv.conf 
# echo nameserver 208.67.220.220 >> /etc/resolv.conf 


If your supported microSD card is placed in the FreeRunner, 
you can begin installing Debian onto it: 


# wget http://pkg-fso.alioth.debian.org/freerunner/install.sh 
# DASH_BINSH=false SD_PART1_FS=vfat sh install.sh 


Here, we set the DASH_BINSH environment variable to 
false, so that the script installs the Bash shell instead of Dash. 
The SD_PART1_FS variable is set to vfat, so that the /boot 
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partition on the SD card will be formatted with vfat instead of 
ext2. Some versions of the FreeRunner’s bootloader, u-boot, 
do not support ext2, and although there are ways to remedy 
this, it simply is easier to use a vfat-formatted partition. You 
should have Debian installed within the hour, depending on 
the speed of your Internet connection. | must say, the Debian 
installers sure have improved a lot since the Potato days. 

You might have noticed that | said “supported microSD 
card”. According to the FreeRunner, all microSD cards are 
equal, but some microSD cards are more equal than oth- 
ers. The OpenMoko wiki has a page that lists all microSD 
cards that are known to work with the FreeRunner. | con- 
sulted this page and purchased two Kingston SD-C02G 
2GB microSD cards. The FreeRunner recognized the cards, 
and | was able to partition them and write files to them. 
However, during installation, | received errors that were 
apparently related to the SD media. | replaced the 2GB 
Kingston card with the 512MB SanDisk card that came 
with the FreeRunner, and the installation worked flawlessly. 
| later transferred the partitions from the 512MB card to 
the 2GB using my Kubuntu desktop PC. 

Once installation is complete, you will want to reboot into 
Debian. First, power off your FreeRunner. Once it has safely 
powered down, press and hold the AUX button (on the top- 
left side of the device), and press the power button until the 
u-boot menu appears. Press the AUX button until “Boot from 
SD” is selected, then press the power button again. After a 
minute or two, the zhone interface should appear and you 
should be able to make and accept phone calls, provided you 
are using a supported SIM card. 

As with microSD cards, the FreeRunner is rather picky about 
which SIM cards it accepts. When | first began testing the 
FreeRunner, | was using a first-generation iPhone as my primary 
phone. The SIM from my iPhone worked perfectly in the 
FreeRunner. A couple weeks later, | bought an iPhone 3G and 
received a new SIM with it, which also worked well with the 
FreeRunner. | eventually returned my 3G iPhone and received 
another new SIM card from AT&T. The FreeRunner would not 
register with the AT&T network via the new SIM. | tried a 
T-Mobile SIM to make sure there were no hardware problems, 
and it worked fine. After many, many hours of struggling 
with this issue, | finally discovered that there is a bug in the 
FreeRunner firmware that causes problems with certain SIM 
cards (OpenMoko bug #666). My previous SIM cards had a 
vendor and version number of 4022; however, the new SIM 
| received from AT&T had vendor and version number 2022. 
Unfortunately, the 2022 cards are newer and do not work 
with the FreeRunner. As it turns out, the OpenMoko wiki has 
a page that lists the compatibility status of various SIM cards. 
The good news is that once | figured out the problem, | was 
able to visit a local AT&T store and request a new 4022 SIM 
card, which they happily gave me. 


It’s the Little Things 

Although most of us are quite familiar with open-source 
development, we normally get that experience only with 
software. It is one thing for JavaScript bugs to exist in our 
WordPress blogs, because it is easy to overlook and we know 
it probably will be fixed soon. However, | discovered that 
there is something different when dealing with open-source 


48 | december 2008 www.linuxjournal.com 


hardware. Most mobile devices go through months of testing 
and QC and are, therefore, typically ready for daily use in the 
real world. Applying the open-source mentality to something 
like a mobile phone is actually pretty challenging. Although 
| may excuse WordPress for the JavaScript bug, | fully 
expect any and every microSD card and SIM card to work 
with a phone I've purchased. But, | guess that is the price 
of freedom, flexibility and openness. 

Although the FreeRunner includes all the internal compo- 
nents you need to develop something interesting, a few things 
are frustrating and could use improvements. For example, 
there is no hardware volume control and no way to switch to 
vibrate mode. Now, the FreeRunner has two buttons that can 
control software, so it may be just a matter of implementing 
the feature, but this is something that should be present on 
every phone. There are only two hardware buttons on the 
phone, which in itself isn't bad. However, the buttons are 
placed in awkward places on the sides of the phone. It is quite 
difficult to press either button while holding the phone in 
one hand. Powering on the device can be rather tricky, as 
you must hold the power button for just the right amount 
of time in order to get the device to boot. My girlfriend 
was unable to power on the FreeRunner even after studying 
it for a few minutes. 

The phone charges over its USB port, which is quite conve- 
nient, but unfortunately, the port also is located in an awk- 
ward spot. It is difficult to make a call while the phone is 
plugged in, as the port is on the right-hand side of the phone, 
where your hand is normally gripping the phone. 

Also, the battery must not be completely drained. 
According to the OpenMoko wiki, “this is an issue because 
the internal charging circuitry cannot be turned on until the 
FreeRunner has booted, and booting through USB power 
alone does not work.” It’s the little things. 

It’s also the big things, like the stylus that comes with the 
FreeRunner. Every time | showed the FreeRunner to people, 
they laughed (out loud) when they saw the enormous stylus. 
In addition to being a stylus, it also functions as a full-sized 
pen, a flashlight and a laser pointer. Making matters worse, it 
contains four small batteries (to power the flashlight and laser 
pointer) at the opposite end from the tip that weigh it down 
and make it difficult to focus on small points on the screen, 
such as the keyboard. The “Matchbox” keyboard that is 
provided with the Debian distribution is marginally better 
than the one used by OM 2008.8 and Qtopia, but they 
both are painful to use. 

| also found it rather annoying that | needed to remove the 
back of the case, the battery and the SIM card to swap out 
the microSD card. | was really looking forward to being able to 
boot multiple distributions during testing, but having to jump 
through these loops made that task a bit more tedious. 

Speaking of loops, for the life of me, | cannot figure out 
why there is a lanyard loop on the bottom of the phone. 

Oh, and it would really be nice if the FreeRunner provided 
a standard headphone jack rather than the 2.5mm jack that 
is included. 


The Future of OpenMoko 
Despite these issues, | still feel that the OpenMoko team is 
doing tremendous work, and | am continually impressed as 


| dig deeper into the project. They are very clear that the 
FreeRunner is just a canvas for the community to build 
upon, as stated in this quote from OpenMoko developer 
Sean Moss-Pultz: 


Think of our products as museums. We're building the 
environment. Each one different from the next. You'll 
get all the free art supplies you could imagine because 
we want you to add your own meaning. You choose: 
consume, create or both. Either way, you create your 
own meaning. It's about you. 


| think that the OpenMoko team should reconsider the 
goal of eventually producing a consumer-usable phone. There 
are already plenty of those, and there isn’t much else out 
there that is similar to the FreeRunner. Personally, | love the 
fact that | can run Debian on my phone. Having said that, 
| think there are a few areas where the OpenMoko team 
should focus their efforts. 

First, the phone stack really needs work. The FreeRunner 
becomes a much more compelling alternative when | can use 
it as a phone. The call quality is currently bad enough that | 
would not recommend relying on it as your primary phone. | 
would rather carry a single device, rather than the FreeRunner 
in addition to a phone. 

Second, the documentation is a mess. There is a lot of 
information on the OpenMoko wiki, 


is a lot of fun. Linux geeks don’t mind getting their hands 
dirty, so it is nice to have a gadget that can challenge us. 


Cory Wright has been using Linux since 1998, and mobile phones even longer. He is a developer 
and sysadmin at natuba.com, where he enjoys beating Will Reese at foosball and Wii Tennis. 
His Web site is at dnsfool.com. 


Resources 


OpenMoko Web Site: www.openmoko.com 
OpenMoko Community Wiki: wiki.openmoko.org 


Debian on the FreeRunner: 
wiki.debian.org/DebianOnFreeRunner 


Supported microSD Cards: 
wiki.openmoko.org/wiki/Supported_microSD_cards 


Supported SIM Cards: 
wiki.openmoko.org/wiki/Carriers/ATT 


OpenMoko’'s Sean Moss-Pultz on Design: 
tinyurl.com/571r334 


but it is horribly organized, poorly 
written and often out of date. Many 
pages seem to hold the answer to 
your question, until you realize that 
the page was written for the Neo 
1973, the FreeRunner's predecessor. 
Although a wiki follows in the spirit of 
a community-organized project, I’m 
not sure it’s the best way to present 
official documentation. | spent a lot of 
time reading the wiki, only to become 
more confused. 

Finally, OpenMoko should make a 
strong effort to support more microSD 
and SIM cards. Dealing with these @ “1 new 
two issues was probably the most 
frustrating thing about my experience el 
with the FreeRunner. 

Oh, and a note for the OpenMoko 
Marketing department. The people who 
buy the FreeRunner at this point are 
doing so because they really want to get 
involved and play with this cutting-edge 
device. This is the community; these are 
your fanboys and fangirls. They will 
support you and advertise for you, 
so how about including a couple 
OpenMoko stickers in the box? 

| look forward to seeing what 
develops around OpenMoko and the 
Neo FreeRunner. There is still a long 
way to go before it is a usable phone, 
but as a geek gadget, the FreeRunner 
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HARDWARE 


Dash Express 


You are always on the Internet, so why shouldn't your GPS be? Read on for a review 
of the Dash Express GPRS-connected GPS system. KYLE RANKIN 


| spend a lot of time in my car. Like a fair number of people 
who work in the San Francisco Bay Area, | commute a long 
distance—in my case, 60 miles one way. I’ve learned to time 
my commute to avoid the worst of the traffic, but | still spend 
about three hours each day in my car. I've tried different GPS 
(Global Positioning System) units here and there, but because 
most of my time in the car is spent going to the same place, | 
don’t typically need a lot of driving directions. A GPS would sit 
unused only until | travel or go to a new restaurant, which is 
only every once in a while. 


Introduction to the Dash Express 

Now, | like gadgets at least as much as the next Linux 
geek, so when | first heard about the Dash Express GPS, 

| instantly was intrigued. Basically, Dash has created a 

new GPS unit aimed at the commuter market. This GPS adds 
a GPRS cellular connection, so that it has an always-on 
Internet connection while you drive. The Internet connection 
can be used to get new software updates and maps, but 
one of the main selling points for the Internet connection 
is improved traffic, routing and search data. The Dash net- 
work keeps track of each GPS unit anonymously and com- 
bines its data with traffic sensors and other data points to 
gauge up-to-the-minute traffic data it then shares with 
each Dash user. 

The Internet connection also allows the Dash Express to 
source other Internet services when you do a search. Along 
with the built-in database of locations of interest, you also can 
search Yahoo for anything from the closest coffee shop to the 
best sushi place nearby, as Yahoo searches not only return 
locations but also ratings for each result. 

One of the most interesting aspects of the Dash for me 
and other Linux users is the open-source nature of the device. 


For one, the hardware itself runs Linux. The hardware is actually 


similar to what is being used in the OpenMoko cellphones. In 
addition, Dash has opened its API, so interested parties can 
register as developers and write their own applications to run 
on the Dash Express. Later in this review, | talk about my own 
experience writing a Dash application. 


Pricing 

Of course, the GPS unit and cellular connection aren't free. 
The Dash Express currently retails for $299 and includes 
three months of free cellular connection. After that, the 
cellular connection costs $12.99 with a month-to-month 
contract, $10.99 per month with a one-year contract and 
$9.99 per month with a two-year contract. If you choose 
not to renew the cellular connection, the unit still func- 
tions like a standard GPS, but you no longer will be able 
to use Send2Car, Dash applications, Yahoo searches and 
other features that require the Internet. 
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Standard GPS Functions 

Although the Internet features might seem cool, a GPS device 
still needs to be able to find your destinations and route you 
there correctly. Plus, if you don’t renew the cellular connection, 
you'd like to know that the device still would be useful. 
First, though, let me point out the elephant in the room. 
One of the first things you will notice about the Dash 
Express is that it is big compared to other modern GPS 
devices (4.8"Wx4.1"Hx2.8"D and 13.3 ounces). Although 
the face of the device is about the same size as other 
devices, it's as thick as the Garmin GPSes from a few gen- 
erations ago. Along with its thickness, the top of the 
device actually extends back a few inches in a sort of L 
shape and houses the speaker. Unfortunately, this means 
you won't be storing the Dash Express in your pocket or 
possibly even in a small glove compartment. 

The installation is pretty straightforward, and out of the 
box, the device will connect to a cellular network (or open 
Wi-Fi access point) for any Internet features. The interface 
itself is simplified compared to some other GPS units and relies 
almost entirely on the touchscreen for input, apart from a 
physical menu and volume button on the top of the device. 
When you calculate a route, you will see and hear turn-by-turn 
directions from the main map screen. The interface is pretty 
clean (Figure 1) with most of the screen taken up by the map. 

As a standalone GPS, the Dash is so-so. A few times | 
searched for a business only to find that when | got there it 
was out of business. The routing isn't entirely perfect either 
and seems to favor larger highways and more direct routes, 
even if they are slower. My town has four different exits on 
the highway, but even though the first exit is the fastest, the 
Dash always routed through a different exit. There is a particu- 
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Figure 1. Dash Express Interface 


larly bad bottleneck along my commute that occasionally 
backs up for miles. There's an alternate route to my house 
right before the bottleneck that normally takes longer except 
when there is very heavy traffic at the bottleneck, but the 
Dash seemed unaware of this as an alternate route. 

The Dash does appear to be dealing with the routing issues 
actively. You can report a problem directly from the device, 
and it will tar up all of its logs and other information about 
your current location and send it off to Dash via the cell con- 
nection. Once you get home, you will see an e-mail response 
in your inbox, and you can go to Dash's Web site to fill out 
the details of your problem. | did, in fact, report an issue 
with routing around the bottleneck, and Dash was quick to 
respond. Apparently, the next iteration of its map and routing 
internally does not have the issue, so presumably my problem 
will be fixed at the next update. 


Connected GPS Functions 

There are a lot of different GPS units from which to choose, 
but the Dash Express is the first to include a cellular connec- 
tion in its device. It really is the main feature that differentiates 
it from competitors, so it's even more important that this 
extra functionality is compelling. So, how do the Internet 
features fare? 

When the Dash Express has a cellular signal, you will 
see the word connected on the search button at the main 
menu. Without a cellular signal, you can perform only local 
search, and the rest of the search options are grayed out. 
When connected, the default input box at the search win- 
dow searches Yahoo for keywords you enter. In addition to 
the Yahoo searches, there are a number of saved search 
categories, including Airports, Food, Gas and Movie 
Theaters. The Gas and Movie Theater saved searches make 
special use of the Internet connection. The Movie Theater 
search will not only show you the theaters in your area, 
but it also will list the current show times. For the Gas 
search, each result also includes local gas prices along with 
how recently that information was gathered. You also can 
sort your results by price, which makes it quick and easy to 
find the cheapest gas in your area. 

One of the most-touted features of the Internet con- 
nection is live traffic information. As | mentioned before, 
the Dash anonymously gathers the location information of 
all Dash units and combines it with trusted road sensors, 
information from commercial fleets and other data sources 
to create what it calls the Dash Network. On the main map 
screen, each street with traffic data shows up color-coded. 
Green represents good traffic; yellow indicates slight con- 
gestion; orange, moderate traffic; and red means heavy 
traffic. In addition, the Dash uses solid lines when the traf- 
fic information comes from its trusted Dash Network and 
dotted lines when the information is from less-trusted 
sources. So essentially, if someone else with a Dash Express 
is on the same road ahead of me, | can get very accurate 
traffic information. As you drive to your destination, if the 
GPS unit detects traffic ahead, you will get an alert on 
your screen with the option to calculate alternate routes. 

One of the more straightforward Internet features is 
Send2Dash. Often one of the more annoying features of 
a GPS is typing in an address on the touchscreen. With 


Send2Dash, you can log in to a custom portal on the Dash 
site, type in an address and then send it to your own Dash, 
where it will show up the next time it starts. This makes it nice 
and easy to build an address book. There's even a Firefox plug- 
in, so you can highlight an address and then right-click and 
select Send to Car. 

The Internet-enabled features on the Dash—specifically the 
enhanced searches—are great features, especially the Gas 
search. The Yahoo searches also work well as a supplement 
and second opinion to the internal map of destinations. 
The traffic, however, is a mixed bag. When it's accurate, it 
has been a lifesaver. It takes some time and familiarity with 
the map to interpret what light, moderate or heavy traffic 
really means, and how much weight to give to the dotted 
less-reliable traffic lines. Once you figure it out, however, 
you can search ahead while you commute and often see 
problems before they affect you. 

On the downside, traffic information isn’t always as 
“live” as I'd like it to be. I've seen a situation or two where 
I've been in pretty heavy congestion or even in stopped traffic 
a number of minutes before the Dash updates. Of course, 
maybe I’m the traffic canary in the coal mine helping the rest 
of the Dash community in the Bay Area. | know that Dash 
is working on traffic reporting, but for now, | recommend 
supplementing the Dash data with something like the 
Yahoo Traffic Incidents Dash application. 


Dash Apps 

Like Apple with the iPhone, the Dash has allowed third parties 
to write custom applications, “Dash apps”, for use on the 
device. The applications are easy to add from Dash's Web 
portal, and so far, all of them are free. There are a number 
of interesting applications, but here are some of the more 
notable ones: 


™@ Trapster—search for and report speed traps and red-light 
cameras along your route. 


m Weatherbug—weather forecasts for your location or 
destination. 


m@ Yahoo Traffic Incidents—accidents or slowdowns along 
your route. 


@ Trulia—local available real-estate with pricing. 


@ Baktrax—a list of local radio stations and the last few songs 
they played. 


All in all, the Dash apps are one of the more compelling 
reasons to have a Dash Express right now. It’s these sorts 
of programs that move the Dash from a standard GPS to 
use when you are lost to a GPS you use on your dashboard 
every day. 


Developing Dash Apps 

Earlier in the year, the Dash opened up its API to the commu- 
nity, so anyone could register on its site as a developer and 
write custom Dash apps. Since then, the API has been updated 
and expanded with some new features, and it still appears to 
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Listing 1. The Script 
#!/usr/bin/perl 
use CGI qw(:standard) ; 


my $infile = 'maintenance. txt'; 


my $mileage_range = "10000"; # Only show entries within this range 


if (param()) 

{ 
$requestType = param("requestType") ; 
$serviceld = param("serviceld"); 
$point = param("point"); 
$count = param("count"); 
Soffset = param("offset") ; 
$sort = param("sort"); 
$signature = param("signature") ; 
$mileage = param("q"); 
my %hash; 
my $items = Q; 


parse_infile($infile, \%hash) ; 


foreach (sort keys %hash) { 
if(abs($_ - $mileage) < $mileage_range) { 
next if($hash{$ }{'c'} == 1); 


$delta = $_ - $mileage; 
if($delta >= 0){ 
$title = "$_ - $hash{$_}{'desc'}"; 
$desc = "<![CDATA[<html>In <b>$delta</b> 
»miles:<br>$hash{$_}{'desc'}</html>]]>"; 
} 
alse 
$title = "PAST DUE: $hash{$_}{'desc'}"; 
$desc = "<![CDATA[<html><font color=#FFQ000> 
<b>". abs($delta) . "</b> miles <i>PAST DUE</i> 
=»</font>:<br>$hash{$_}{'desc'}</html>]]>"; 
} 


$output .= output_result($title, $desc); 
$items++; 


be in active development. Even so, there already seems to be a 


pretty active developer community springing up in the Dash 


forums, and quite a few community-developed Dash apps are 


already available on the site. 
| wanted to see how easy it was to develop my own 
Dash app, so | downloaded the latest edition of the API 


documentation, registered as a developer on the site, and 
started with a sample PHP program | found on the forum. 


Essentially, when you conduct a search with a Dash app, 


the Dash Express then sends an HTTP GET to a Web service 


you specify that contains a few variables including the 
Dash’s GPS location and potentially a custom value from 
a text entry window on the Dash itself. Your Web service 
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print header('text/xml') ; 

print '<?xml version="1.0" encoding="UTF-8"?> 
. "\nsresultSet>" 
. "<serviceld>$serviceld</serviceld>" 
. "Scount>$items</count>"; 


print $output; 
print “</resultset>’ ; 
exit 


sub output_result { 
my $title = shift; 
my $desc = shift; 
my $output; 


$output = "\n<result>" 
. "<title>$title</title>" 
. "<description>$desc</description>" 
“SiresuLt> 


return $output; 


sub parse_infile { 
my $infile = shift; 
my $href = shift; 
my ($mileage, $desc, $completed) ; 


open INFILE, $infile or die "Can't open $infile: $!\n"; 
while(<INFILE>) { 
chomp; 
$mileage = $desc = $completed = ""; 
($mileage, $desc, $completed) = split ',', $_; 
$$href{$mileage}{'desc'} = $desc; 
$$href{$mileage}{'c'} = $completed; 
} 
close INFILE; 


replies back with its results formatted in some basic XML 
(the structure is defined in the API documentation) that 

the Dash then displays. Here’s a sample of the XML output 
that Dash accepts: 


<?xml version="1.0" encoding="UTF-8"?> 
<resultSet><serviceld>10114</serviceId><count>1</count> 
<sort>di</sort> 

<result><title>Title</title> 
<point>38.2440154167-122.6531425</point> 
<description>requestType->search serviceld->10114 
point->38.24401541666667 -122.6531425 count->20 


offset->0 sort->null signature->ed00Q2f9a2f86013c9af fd8d9e1b9FIDe 


</description><address>12000 San Jose 
Blvd</address><city>Jacksonville</city> 
<regionCode>FL</regionCode><countryCode>US</countryCode> 
<postalCode>32223</postalCode></result></resultSet> 


After all these years, | still tend to favor Perl for this 
sort of thing, so the first thing | did was port the sample 
PHP script to Perl. Once | got that working, | decided to 
try to write something actually useful. | wasn’t ready to 
dig heavily into sourcing sites like Google Maps for loca- 
tion data, so instead, | decided to write something more 
basic. | planned to write an application that would take 
the current mileage as input and then read from a basic 
CSV file and report back any maintenance due within plus 
or minus 10,000 miles. The first column in the CSV file has 
the mileage when the maintenance was due, the second 
column has a description of the maintenance, and the 
third column is optional but had a 1 or 0 depending on 
whether the task was completed. Here's some sample lines 
from the file: 


151000,Change Oil,1 
156000,Change Oil and Filter,1 
161000,Change Oil 
160000,Replace Tires 
180000,Replace Coolant 
160000,Replace Air Filter 


Listing 1 shows the script that reads from the file and 
outputs the XML for the Dash. 

It's pretty basic, but it works. The whole process from test- 
ing the PHP script to writing the final application took only 
about two hours. Once you write the program, you can create 
a new Dash app instance via an interface on the my.dash.net 
site and add it to your saved searches. You also can choose to 
keep the program to yourself, or you can make it public so 
any Dash user can use it. 

The ease of developing applications for the Dash is a 
definite plus for me. There are still some limitations in its 
API (for instance, there is only one text box available for 
user entry at the time of this writing), but the API still 
appears to be under heavy development and already has 
had feature updates. Even as it is, if you have some imagi- 
nation and some programming ability, you can write some 
pretty useful applications. 


Hacking the Dash 

Okay, so | couldn't help myself. Here was a device that | knew 
ran Linux with not only a GPRS connection, but also a Wi-Fi 
connection. There had to be a way to get to a Linux prompt 
on the thing. 

First, | let the Dash associate with my home Wi-Fi and then 
tried to SSH to it. It turns out, it actually does have SSH listen- 
ing; however, | didn't know the password (if there even were 
one, | haven't had a chance to attempt SSH brute-force 
attacks yet), and it could use SSH keys. 

The Dash Express does have a USB port on the side and 
even comes with a USB cable to connect it to your computer, 
but currently, there is no official use for this port other than 
charging the battery. When you connect it to Linux, dmesg 


gives some hope: 


Sep 1 21:53:11 minimus kernel: 1447. 814648] 
usb 2-1: new full speed USB device using uhci_hcd 
and address 2 
Sep 1 21:53:11 minimus kernel: 1447 880419] 
usb 2-1: configuration #1 chosen from 2 choices 
Sep 1 21:53:11 minimus kernel: 1448 .182503] 
usb0: register 'cdc_ether' at usb-0000:00:1d.1-1, 
CDC Ethernet Device, d6:a5:89;03:18: fe 
Sep 1 21:53:11 minimus kernel: 1448. 182834] 
registered new interface driver cdc_ether 
Sep 1 21:53:12 minimus dhcdbd: message handler: 
message handler not found under /com/redhat/dhcp/usb0 
for sub-path usb0.dbus.get.reason 


usbcore: 


So, the device does show up as some sort of USB Ethernet 
device. Some research on the Internet led to a page that 
described how the OpenMoko phone had a similar connec- 
tion, but unfortunately, if the Dash Express assigned itself a 
Static IP, it didn’t use the same one as the OpenMoko. | tried 
an nmap host discovery on all of the private IP space and even 
collected a few minutes of packets from the USB network to 
see whether there were any clues there, but as of yet, | 
haven't been able to get into the device. 


Conclusion 

Overall, the Dash Express is a very interesting GPS device. The 
Linux user in me wants to root for the underdog, especially if 
that underdog uses Linux as the OS on the device. The pro- 
grammer in me is really drawn to the open API and the ability 
to write my own applications on the device and use the appli- 
cations from a community of developers. The commuter in me 
likes a device aimed at delivering accurate traffic data. The 
gadget geek in me likes the concept of adding an Internet 
connection to a GPS device and is really interested in the 
potential that sort of improvement brings. 

When it comes down to it, potential is the keyword for the 
Dash Express. Today, the Dash is a very useful GPS product with 
some advanced search features and Dash apps that no other 
competitor has—it just has some rough edges in some of the 
more fundamental GPS functions. It’s the overall potential of 
the platform that is most compelling to me. | know that the 
rough parts are being worked on actively, and in the meantime, 
the community has added some great new free features to the 
device. As long as Dash can stay responsive to its users and 
especially to its developers (and maybe give us Linux geeks a 
peek under the hood), | think it's the GPS for geeks.m 


Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and the author of a 
number of books, including Knoppix Hacks and Ubuntu Hacks for O'Reilly Media. He is currently 
the president of the North Bay Linux Users’ Group. 


Resources 


Official Dash Site: www.dash.net 


Dash Customer Portal: my.dash.net 
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HARDWARE 


Acer Aspire One 


Acer Aspire One—just another Netbook or the pinnacle of tiny computing? JES HALL 


The runaway success of the ASUS Eee PC has defined an 
entirely new market segment—the Netbook. Other manufac- 
turers have quickly followed suit, and consumers now can 
choose from a veritable bevy of models. 

The $329 Aspire One from Acer is a relative newcomer, 
and it’s clear that Acer looked very carefully before it leapt. 
With a glossy finish, rounded corners and subtle orange 
highlights, the Aspire One is all class. At 250x30x170mm, 
the Aspire One fits comfortably between the 9" Eee PC 
models and the 10" MSI Wind in size. This extra width is 
well used in providing a large keyboard with excellent travel 
and response. In order to accommodate the keyboard, the 
touchpad is very narrow, with the buttons to the left and 
right rather than above. The system weighs a very svelte 
two pounds. 

Aesthetically, the Aspire One is extremely pleasing. The 
review unit we were sent is the deep-blue model; white 
is also available, with bronze and pink models to follow. 
Our only complaint is that the high-gloss finish very soon 
became a mess of smudges and fingerprints. This may not 
bother some, but we're the sort who tend toward obses- 
sive polishing. The screen is frankly excellent—bright and 
clear with good contrast and crispness. It has a glossy 
finish, but the extra reflections were well worth the clarity 
and colour richness gained. 

The Aspire One sports an impressive array of ports, 
with three USB ports, VGA-Out, 10/100 Ethernet, a head- 
phone and microphone jack and two SD card readers. One 
is designed to read cards from removable storage devices, 
supporting MMC, xD and memory stick pro as well as SD. 
The other is labeled Memory Expansion, and it will add 
any memory card you insert dynamically to the available 
storage on the Aspire One. 

Inside, the Aspire One is built around Intel’s new Atom 
processor—the current de facto standard for Intel-based 
Netbooks and Nettops. The Atom is Intel’s smallest chip, 
designed specifically for low-powered MIDs (Mobile Internet 
Devices). The 1.6GHz CPU present in the Aspire One is 
single core but supports hyperthreading. Although not as 
fast as true dual-core, hyperthreading gives a noticeable 
performance boost on this type of CPU, without much 
increase in energy consumption. 

Although the focus of the Atom is power efficiency, its 
performance is quite reasonable, handling light content cre- 
ation and media playback with aplomb. During our testing, 
the Aspire One never heated up past warm, and although the 
fan was at times audible, it was a low-pitched noise and not 
bothersome. The system features an 8GB SSD, 512MB DDR2 
memory and 802.11b/g Wi-Fi. No Bluetooth or cellular modem 
is available on this model. 

The operating system shipped is Linpus Linux Lite, a 
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Figure 1. Acer Aspire One 


Taiwanese distribution based on Fedora 8 and Xfce 4. For rea- 
sons we are completely unable to fathom, Acer chose to ship 
the Aspire One with a default window border that mimics 
Windows XP. Thankfully, this is easy to change. Acer has really 
polished the user interface, adding a full-screen application 
launcher with program entries divided into Connect, Work, 
Fun and Files, with a fifth Settings category accessible by 
clicking on its icon at the lower right of the screen. A selected 
few applications from each category are displayed on the 
main launcher screen with additional applications accessible 
by clicking the More arrow. 

A search box is embedded at top right that launches 
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Figure 2. The Aspire One Default Desktop 


Firefox and provides Yahoo Search for any given search 
query. There doesn’t seem to be a way of changing this 
search preference, which was disappointing. The Aspire 
One we reviewed had Yum repositories configured, allow- 
ing us to add extra software from the main Fedora distri- 
bution. In the limited time we had, we were unable to 
work out a way to add any kind of additional application 
launcher to the Aspire One's interface. Additional applica- 
tions still can be launched through the standard Xfce run 
dialog, bound to Alt-F2. 

The wireless support is very good, based on Network 
Manager, which has become a standard in most modern distri- 
butions. The Aspire One front end is simplified, and support 
for some authentication options has been removed—we were 
unable to find a way to connect to a Cisco LEAP corporate 
network, which is a limitation that probably affects almost no 
one. For home and hot-spot wireless use, the Aspire One has 
WPA and WEP configurations covered. 

Most “Connect” applications are covered by Firefox 2 
with Adobe's Flash plugin. Links to Wikipedia, Google 
Maps and Hotmail are listed, along with the applications 
Browser, Messenger, Mail and RSS Reader. Mail, RSS 
Reader, Contacts and Calendar actually are all combined 
into a single Acer-branded application. The RSS Reader is 
the simplest by far, allowing you to add a feed by URL and 
providing an e-mail-like interface. Calendar and Contacts 
both do exactly what you would expect—allow you to add 
appointments and contacts. 
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Figure 3. Aspire One Mail 


Aspire One Mail is a mixed bag. The interface is clean 
and attractive, and the accounts wizard was a breeze. 

POP access works great, but we noticed some very odd 
behaviour on IMAP accounts. Every message in the inbox 
was marked as new, and we couldn't see how to access 
any other IMAP folders. It seemed to be applying the POP 
paradigm to IMAP, badly. 

Acer’s One Messaging is built on the libpurple framework 
that powers Pidgin. Unfortunately, Acer chose to expose only 
Yahoo, MSN, AIM and Google Talk support in its configuration 
dialog, even though the underlying support for other protocols 
has been included. The interface is extremely simple, with lim- 
ited customization. An option to adjust font sizes in particular 
would have been appreciated. 

We tested Webcam support between a Macintosh running 
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Figure 4. Aspire One’s Messenger 


Actions Tools 


&X canllaith is inviting you to start viewing his/ 
her webcam. 


you have accepted the invitation to start 
viewing canllaith's webcam. 


& invite canllaith to start viewing your 
webcam. 


&canllaith has accepted your invitation to 


Gl canilaith start viewing your webcam. 


Connection established. 


Figure 5. Yahoo Video Chat 


the official OS X Yahoo Messenger client and the Acer 
Aspire one. The Webcam quality was certainly acceptable, 
delivering clear images even in low-light conditions, and it 
worked out of the box with no configuration required. 

The Work category is mostly filled out with the 
OpenOffice.org suite, at version 2.3.0. The previously 
mentioned Aspire One Contacts and Calendar application 
is included, as is a simple notepad (xpad) and calculator 
(galculator). We found OpenOffice.org’s performance 
reasonable on the Atom, but certainly nothing to write 
home about. 

The Fun category includes a wide range of games, a 
Webcam application that will capture images from the built-in 
camera and KolourPaint. Acer also has included two more 
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: aia 


Although the focus of the Atom is 
power efficiency, its performance 
is quite reasonable, handling 
light content creation and media 
playback with aplomb. 


custom applications, Media Master and Photo Master. 

There’s not much to say about Photo Master—it shows 
thumbnails of your images and allows you to display them 
as a slideshow. As far as we could ascertain, it had no 
editing capabilities. Media Master was a bit of a puzzle— 
we tried quite a few media formats and couldn't get it 
to play many. It was unable to play AVI video or FLAC 
audio files, although it did do an exceptional job of 
playing commercial DVDs from an external DVD drive. 
MP3 and Ogg are both supported. 

The Aspire One's speakers were about what one would 
expect from a Netbook—really adequate only for system 
beeps—but the headphone jack delivered clean, excellent 
sound through our extremely unforgiving Sennheisers. 

Files is covered entirely by the Xfce file manager, 
Thunar. Removable storage and external CD/DVDs are 
detected and accessible through Thunar's disk view. We 
attempted to get the Aspire One to recognise a current- 
generation iPod Nano and a Canon IXUS digital camera. 
Neither were recognised by the OS. Personal media players 
that appear as an external hard disk can be used with 
the Aspire One. 

The only real weak point we found on the Aspire One 
was its battery life. With wireless on and the backlight on at 
around half, we managed to eke out a little less than three 
hours of Web surfing and light content creation. A 6-cell 
battery is available, but at the time of this writing, it was 
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Figure 6. Media Master 


retailing for $119, which is quite steep given that the Aspire 
One is only $329 itself. Acer has confirmed an Aspire One 
with the 6-cell built in at a much lower package price soon 
will be available, which will mitigate this issue. 

Ultimately, we were pretty happy with what we saw. 
The large keyboard, exceptional screen and slick operating 
system made the Aspire One a joy to use. The Aspire One 
is strong competition for the original Eee PC series and 
provides a cheaper alternative to the new Atom-based 
Netbooks. Those who intend to use the built-in Linux 
rather than install their own flavour are well served, 
finding a more polished experience with the Aspire One. 

If you are looking for a device that can handle media 
playback of many formats, you may be better off looking 
elsewhere. If you want a lightweight and attractive device 
for cloud computing and light content creation, the Aspire 
One is for you.m™ 


Jes Hall is a Linux Systems Specialist from New Zealand. She's passionate about helping open-source 
software bring life-changing information and tools to those who would otherwise not have them. 


13=(¢, il. Treating Compressed and Uncompressed Data Sources the Same 


Occasionally, you need to process a number of files—some of 
which have been compressed and some which have not (think 
log files). Rather than running two variations, one compressed 
and one not, wrap it in a bash function: 


function data_source () 


{ 
local F=$1 


H Siva) che e2) lite altaSe chene 
F=$(echo $F | perl -pe 's/.gz$//') 


ia? (I, =P SF al 
cat $F 
ei (i sf Sirf I) 3 


; then 


then 
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nice gunzip -c $F 
(fal 
} 


which nicely allows: 


for ile idm ~ 3 clo 
data_source $file | ... 
done 


Whether you're dealing with gzip’d files or uncompressed, 
you no longer have to treat them differently mentally. 
With a little more effort, bzip files also could be detected 
and handled. 


—DAVID A. SINCK 
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Power Up! 


A Review of the YDL PowerStation. 
DANIEL BARTHOLOMEW 


On June 6, 2005, hell froze over, and Apple announced it was 
abandoning the PowerPC architecture it had helped develop in 
favor of processors from Intel, a company Apple had actively 
mocked for years. By August 2006, the transition was complete, 
and the largest maker of computers based on the PowerPC (or 
Power) architecture had become an Intel-only shop. 

This transition affected one company more than almost 
anyone else. Terra Soft Solutions of Loveland, Colorado, has 
been working with Linux on PowerPC hardware longer than 
just about anyone. Its flagship product is Yellow Dog Linux 
(YDL), and for years, Terra Soft’s major business was selling 
Apple PowerPC hardware with YDL pre-installed on it. Terra 
Soft actually had the distinction of being the only Apple 
reseller authorized to sell Macintosh hardware with something 
other than Mac OS installed on it. With Apple now out of the 
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picture, Terra Soft’s primary business had to change. 

For the past couple years, Terra Soft has focused a lot of its 
attention on server products from IBM and on the PlayStation 3 
from Sony. Now, with the PowerStation, Terra Soft is taking a 
step into the hardware business Apple vacated. Its Web site says 
it all in a single sentence: “The Power workstation is back.” 


Figure 1. The internals of the PowerStation are easy to get to, and the 
box has numerous expansion opportunities. 


Chips based on the Power architecture are found in many 
devices and products—from cars to mainframes to robots. 
Customers who relied on Apple for PPC-based workstation 
hardware were left in the lurch with Apple's Intel switch. For 
those that need it, being able to run PPC code without emula- 
tion on their local workstation is a big plus. The PowerStation 
was created to provide these developers with a high-quality 
open-source-friendly workstation. Not only is it more powerful 
than any PPC-based Power Mac from Apple, it also is more 
open and expandable. 


The Hardware 

The PowerStation comes with two dual-core 2.5GHz IBM 
970MP processors, with 1MB of L2 cache per core. For memory, 
there are eight 667MHz DDR2 DIMM slots that allow the 
box to accommodate up to 32GB of RAM. Local storage is 
handled by a four-port SAS RAID controller and a single IDE 
controller. My test box was configured with a single 70GB 
SAS drive, 2GB of RAM and a DVD/CD-RW drive—nothing 
earth shattering, but decent enough. 

Networking for the PowerStation is handled by dual 
Broadcom HT2000/BCM5780 Gigabit Ethernet ports. For serial 
I/O, there are two USB ports on the back and a couple more 
on the front of the case, two RS-232 serial ports and a single 
RJ45 VTY console port to round things out. 

For expansion, the motherboard has a single PCle x16 con- 
nector (that comes filled with a 512MB ATI X1650 Pro graphics 
card), two PCle x8 connectors and a single PCI-X connector. 

Finally, power for the box is supplied by an 815-Watt 
power supply. 

Accessing the box’s internals is easy. The entire side of the 
case pops off at the press of a latch. The four SAS hard drive 


Figure 2. The Back of the PowerStation 


Figure 3. The graphics card in the PowerStation was switched at the 
last minute to this ATI X1650 Pro. 


bays can be reached from behind a front panel that pops off 
just as easily as the side panel. 

The firmware for the box is the Slimline Open Firmware 
(SLOF)—a BSD-licensed version of Open Firmware (IEEE-1275), 
which is what Apple used on its PowerPC-based Mac computers. 

There is no sound card built in to the PowerStation. | asked 
the fine folks at Terra Soft about it, and they replied that they 
were exploring options with regard to sound output and that 


Figure 4. The PowerStation opens with the touch of a button. 


Figure 5. The PowerStation motherboard is dominated by the two IBM 
970MP processors. 


they would be releasing a solution soon (hopefully, it will be 
in place by the time you read this article). They said it likely 
would be in the form of a USB sound card dongle instead of 
an internal PCle card (in order to save precious PCle slots for 
more important duties). 

One final note on the hardware is that the PowerStation 
fans make a lot of noise. It's not as loud as a rackmount 
server, but it’s louder than my scratch-built home server (and | 
think that it's too noisy at times). On top of the normal noise, 
the fans on the PowerStation cycle up and down as needed to 
keep the system at the optimal temperature, which causes the 
noise level to fluctuate from loud to very loud almost at ran- 
dom. The noise level is not too bad for a normal office envi- 
ronment, but it would be far too loud in a quieter space (such 
as a recording studio). 


The Software 

The PowerStation comes with Yellow Dog Linux 6 pre- 
installed. YDL began life in 1999 as an alternative to the Mac 
OS on Apple’s PowerPC hardware. It is based on Red Hat 
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There are a few more steps to take before your system is ready to use. The Setup 
Agent will now guide you through some basic configuration. Please click the 
“Forward* button in the lower right corner to continue. 
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Figure 6. On initial boot, the PowerStation walks you through setting up 
an initial user. 


Enterprise Linux and Fedora. Like every Red Hat/Fedora 
derivative | have ever used, it uses RPM for package man- 
agement. Yum, which started as a Yellow Dog-specific 
add-on for simplifying package updates (and has been 
adopted by most RPM-based distributions) is naturally 
included, along with the graphical yum updater, Pup. 

When first booting the PowerStation, you go through the 
normal Anaconda new-user setup. Unfortunately, this process 
crashed on me at the very end, forcing me to reboot the com- 
puter. It seemed like it was just a fluke, so | didn’t worry about 
it too much, but | think it may have contributed to my Firefox 
problems (more on that later). 

The package selection available in the default YDL 
repositories is decent, but it’s not as large as | am used to on 
Ubuntu and Fedora. The repositories configured out of the 
box include the Yellow Dog Base, Extras and Updates reposito- 
ries, along with a PowerStation-specific one. Most of the basic 
apps—from Firefox to OpenOffice.org to The GIMP to 
PostgreSQL to Pidgin—are present and accounted for. 

Although most of the packages | expected to find were 
available, a couple interesting ones were absent. One in partic- 
ular (which happens to be one of my favorite applications), 
Inkscape, was missing. Thanks to the PowerPC Fedora Extras 
repository, | was able to install it easily. 

A couple packages | wanted to use on the box, such as the 
renameutils (from www.nongnu.org/renameutils), were 
not available as pre-built RPM packages (as far as | could see, 
anyway). In the case of renameutils, | was able to download, 
compile and install the package manually. 

One big thing | had to get used to on the PowerStation 
was the lack of GRUB. Yaboot is the bootloader for the 
PowerStation. 

Being unfamiliar with Yaboot, | elected not to tinker with it 
or even spend much time looking at it. The system booted 
fine, and | didn’t want to render the box unbootable inadver- 
tently. The Yaboot configuration does look marginally similar 
to GRUB's, and I'll leave it at that. 

Enlightenment is the default desktop environment for the 
PowerStation. The default theme and layout are nice, and the 
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danielb@powerstation:— 


Figure 7. The Yaboot Configuration File 


Figure 8. The PowerStation's Default Enlightenment + Nautilus Desktop 


menus are well organized. 

One interesting decision Terra Soft made was to configure 
the first Enlightenment desktop to run Nautilus full screen for 
file management purposes. This was a little confusing at first 
when | tried to change the Enlightenment wallpaper and noth- 
ing happened. To change the wallpaper of the first desktop, | 
had to change the GNOME wallpaper. Wallpaper issues aside, 
using Nautilus is a smart move, because it is one of the most 
advanced file managers available. | soon got used to using the 
first desktop for file management and the rest for running 
apps. This arrangement actually forced me to become better 
organized as different tasks were more clearly and cleanly sep- 
arated. The other three desktops do not have Nautilus running 
on them, so they behave like regular Enlightenment desktops, 
animated backgrounds and all. 

GNOME also is available out of the box as a session login 
option for those who prefer it, and KDE can be installed with 
the package manager. 

There's no difference in running apps like The GIMP, 
OpenOffice.org or Firefox on an IBM Power processor as 
opposed to an Intel or AMD processor, so | won't go into 
running them other than to say they ran fine. 


The Performance 

Performance is one of those tricky areas that are hard to 
define and nail down—especially when trying to compare the 
PowerStation to x86 workstations. One thing | can say without 


Table 1. Phoronix Test Results on the PowerStation 


Average Result 


2,661.78MB/s 


Test 


RAMspeed Average 
Integer Test 


OpenSSL 36 signs per second 
GnuPG 1GB file encryption 21.96 seconds 


Compress a 128MB file 315.53 seconds 
with Izma 


Compress a 512MB file 
with gzip 


39.38 seconds 


Compress a 512MB file 
with parallel-bzip2 


67.60 seconds 


SQLite 2,500 insertions 74.05 seconds 


on indexed db 


SciMark composite test 264.64M flops 
Timed PHP compilation 82.93 seconds 


1OMeter file server 89.87 seconds 


access pattern 


Timed Apache build 54.48 seconds 


any equivocation is that the PowerStation definitely is speedy. 
Applications launch instantly (or nearly so), and everything feels 
fast and snappy. But “feelings” sometimes can lie, so to get a 
more accurate view, | turned to some performance testing. 

For testing, | installed the Phoronix test suite. Unfortunately, 
although | was able to install it without trouble by following 
the directions on the Phoronix Test Suite Web site and run 
most of the tests, a few of them, including compiling the 
Linux kernel and calculating Pi to 32 million digits, failed. 
In the case of the Linux kernel compilation test, Phoronix 
reported that the test completed in 4.12 seconds. This com- 
pares to a time on my laptop of 4,407.53 seconds. Now, | 
am the first to admit that the PowerStation is much faster 
than my old laptop, but it is not a thousand times faster. 

In the case of the Pi calculation test, the issue was that the 
test assumes you are running on x86, and it tries to load an 
x86 binary, which obviously won't run on the IBM 970MP- 
powered PowerStation. Thankfully, other tests in the Phoronix 
test suite provided more trustworthy results. The mencoder 
test, for example, which converts an 89MB avi file, took a 
respectable average of 42.13 seconds. See Table 1 for the 
results of some of the other Phoronix test suite tests | ran on 
the PowerStation. 

One caveat in my testing is that all of the tests shown in 
Table 1 finished with minor errors, such as “PHP Notice: 
Undefined offset: 0 in /usr/share/phoronix-test-suite/pts-core/ 


functions/pts-functions_system_cpu.php on line X”. | don't 
think the errors skewed the results in either direction, but 
there is a bug somewhere that does not exist when the tests 
are run on an x86-based machine. 

My original plan was to run these tests head to head 
against a quad-core Xeon system | was testing at the time. 
However, due to delays in receiving the PowerStation and 
some unforeseen issues with the Xeon system, | was not able 
to do this. Feel free to run the same tests on your workstation 
and compare your performance to the PowerStation. 

One curious thing about the test results is that some of 
them are slower than the score achieved by my laptop—for 
example, the SQLite test. My old laptop is able to complete 
that test in an average of 62.63 seconds—more than ten sec- 
onds faster than the PowerStation. This may be because of the 
way the SQLite test works, or maybe it favors Intel proces- 
sors—| don't know. In most tests, the PowerStation was faster, 
and in some tests significantly faster, which is what | expected. 


The Problems 

My experience with the PowerStation was not without difficul- 
ties, however; although most issues were a result of the new 
nature of the product. 

First and foremost on my list of issues is that Xorg on the 
PowerStation is unstable. It crashed several times. Even after 
updating the kernel to a more stable version, | still experienced 
crashes on occasion. However, this issue should be fixed by the 
time you read this, as it is known and Terra Soft is working on it. 

Late in the development of the PowerStation there was 
a last-minute switch from using an XGI graphics card to 
using an ATI X1650 Pro. The reason for the switch, accord- 
ing to Terra Soft, was that the XGI graphics card was per- 
forming at a “sub-standard” level, and that “the resources 
required to enable reasonable X11 performance were not 
justified”. The full text of the graphics card announcement 
is here: lists.terrasoftsolutions.com/pipermail/ 
yellowdog-announce/2008-July/000183.html. 

Changing the graphics card pushed the delivery of the 
review unit back by almost an entire month. It’s possible that 
this late change is responsible for some of the issues. 

The next most annoying issue | encountered was the one | 


A Unexpected response from server 


Firefox doesn't know how to communicate with the server. 


© Check to make sure your system has the Personal Security Manager 
installed. 


© This might be due to a non-standard configuration on the server. 


{ty Again | 
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Figure 9. | ran into a strange Firefox error during testing. 
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Firefox - Choose User Profile x 


Firefox stores information about your settings, 
preferences, and other user items in your user profile. 


SS defautt 
| Create Profile... 
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Figure 10. The fix for the Firefox error was to create a new profile and 
delete the old one. 


mentioned before. When | started Firefox after logging in the 
first time, | could go anywhere | wanted to on-line except any 
https:// Web sites. For some reason, Firefox complained about 
not having the Personal Security Manager, which was weird, 

because Firefox was installed (with all of the required pieces). 

The solution was to delete the default profile and create a 
new one using the profile manager, which leads me to believe 
that the default profile was corrupted in some way, probably 
due to the crash in the new-user setup wizard. 

To bring up the profile manager, first quit Firefox, and then 
open a terminal and type firefox -ProfileManager. With 
the profile manager open, | created a new profile and deleted 
the original one. The new profile worked fine, and | was able 
to connect to all of the secure https:// sites that | frequent, 
including my bank Web site and Webmail. 

The next issue | ran into probably was my fault. Every 
PowerStation ships with a letter that has the root password 
specified on it. Unfortunately, | misplaced mine and had to 
talk with the support folks, who were very friendly and 
helpful, to get my root password. They had it on record, so 
| was able to get it without too much trouble. 

The reason | needed the root password brings me to my 
last issue. Admittedly, this is in the realm of stylistic preference 


and not a “real” issue. Whenever you run an application that 
requires root privileges, you actually have to enter the root 
password. | never have liked this way of doing things. A much 
better option, in my opinion, is to have admin-level users run 
admin programs using sudo or gksudo. The fewer the number 
of people who actually know the root password, the better. 
I'm happiest when | never have to use the root password or 
log in as root. As | said before, this is more of a style issue, not 
a problem or showstopper in any way. 


Conclusion 

If you are a developer for Power-architecture systems and 
servers, | heartily recommend the PowerStation. It's a well- 
built, solid machine that can serve as your primary desktop as 
well as your main development box. 

If you are just looking for a workstation, and you don’t 
develop on or for Power, your best bet is to look elsewhere. 
Sure, nearly anyone could use the PowerStation as a full-time 
workstation. It has all the desktop applications most people 
require, but as focused as this system is on Power developers, 
non-Power developers would best be served with an x86- 
based system. 


Daniel Bartholomew lives with his wife and children in North Carolina. His normal on-line 
presence is at daniel-bartholomew.com, but he also can be found on Twitter as daniel_bart 
and on identi.ca (and Jaiku and Pownce) as bartholomew. 


Resources 


PowerStation Web Site: www.terrasoftsolutions.com/ 
products/powerstation 


Download Open-Source Slimline Open Firmware (SLOF): 
www-128.ibm.com/developerworks/power/pa-slof 


Instructions for Installing Third-Party Repositories 
for YDL 6: blogs.ydl.net/billb/2008/03/02/ 
third-party-repos-for-ydl-6 


Phoronix Test Suite: phoronix-test-suite.com 


13=¢%, 8l-3 Slice and Dice Images with ImageMagick 


You can use the convert command that comes with 
ImageMagick to extract parts of an image. 

You can cut out a 100-pixel-wide chunk from somewhere 
in the middle of an image: 


$ convert -crop 100x+0+0 orig/wrapperbg775.gif sliceO.gif 
$ convert -crop +200+0 orig/wrapperbg775.gif slicel.gif 
$§$ convert tappend slice@.gif slicel.gif wrapperbg675.gif 


You can duplicate a 100-pixel-wide chunk from somewhere 
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in the middle of an image: 


$ convert -crop 100x+100+0 orig/wrapperbg775.gif slicel00.gif 
$ convert +append sliceO.gif slicel00.gif slice 100.gif 
slicel.gif wrapperbg875.gif 


Note that there was no need to specify the height of the 
image in any of the above commands. If you need to adjust 
the height instead of the width, the steps are similar, but use 
-append instead of +append to paste the slices vertically. 

—JANOS GYERIK 


Linux News and Headlines 
Delivered To You 


Linux Journal topical RSS feeds NOW AVAILABLE 


HACKING 
THE NOKIA 
INTERNET 
TABLET 


Nokia Internet tablets are more than just small Webpads and e-mail 
appliances. Take a look and see just what they’re capable of doing. 
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I've been a fan of tiny computing 
devices for a long, long time. | started 
my obsession for having a “PC in your 
pocket” with the Hewlett-Packard 95LX 
and stayed with that platform for a long 
time—graduating to a 100LX, then a 
200LX. The 200LX was eminently hack- 
able, as it was basically a PC/XT running 
DOS 5.0 with CGA graphics. At one 
point, | had the 200LX doing some 
crazy things, including acting as a 
mobile Internet terminal while | was on 
vacation touring Europe. 

| then moved on to the Palm line of 
organizers, but although the features 
grew, the ability to hack the system 
slowly diminished. I’d pretty much given 
up on an easy-to-hack portable PC, until 
Nokia released its series of Internet 
tablets. Once | saw the N800 in action, | 
knew | had to get my grubby paws on 
one and see just how far the little plat- 
form could be hacked. I’m happy to say, 
| haven't been disappointed. 

Nokia has released three models of 
Internet tablets at the time of this writ- 
ing: the 770, N800 and N810. The 770 
was basically the prototype Internet 
tablet, while the N800 and N810 are 
very similar in basic architecture. 
Because the 770 is somewhat unique, 
this article applies only to the N800 and 
N810. The Nokia Internet tablets have 
been covered in Linux Journal before— 
the N800 actually won the “Ultimate 
Linux Handheld” award in September 
2007. Doc Searls and Jim Thompson 
wrote an article in that same issue and 
demonstrated the device's value when 
paired with a Bluetooth GPS and a cel- 
lular phone. That’s one type of hack for 
the tablet, but there are many others. 

The first “hack” anyone should do 
to the tablet is to flash it to the latest 
version of the operating system, if that's 
not been done already. The N800 ships 
by default with OS2007 (maemo 3.2, 
code-name Bora), and the N810 ships 
with OS2008 (maemo 4.0, code-name 
Chinook). However, a new version of 
OS2008 was released in June 2008 
(maemo 4.1, code-name Diablo) that 
enabled over-the-air upgrading, much 
like apt-get does for Debian-based 
laptops and desktops. If you are not 
running this on your tablet, that’s the 
first hack you should do. 

The full instructions for updating 
your tablet are available on Nokia's 
wiki (see Resources), but | summarize 
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Figure 1. Pidgin on the Tablet 
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Figure 2. Running LXDoom 


them here. To update the OS on your 
tablet, the first thing you should do is 
run the internal backup utility (found 
in the Settings menu), back up the 
contents of the tablet, and then 
transfer the contents of that backup 
to your PC. Next, download the Linux 
“flasher” utility and the latest 
firmware image for your particular 
tablet to your PC. Ensure that the 
battery on your tablet is fully 
charged, power off the tablet, and 
connect the tablet to your PC. Finally, 
execute the flasher utility as root with 
a similar command line as shown on 
the wiki, and plug the tablet in to the 


i ~@ RO 


charger. The flasher utility displays 
messages as the firmware load 
progresses, and the tablet reboots 
automatically. That's it! 

A tiny but very useful “hack” for 
the Internet tablet is to populate it 
with large Flash media (SD cards on 
the N800, miniSD cards on the N810) 
and use it as a USB storage device. 
Nokia had the foresight to give the 
tablet the ability to look like a USB 
mass storage device to a PC when a 
USB cable is connected. | have two 
8GB SD cards in my N800, and | 
always leave a couple gigs of storage 
available on one of the cards, so that 
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in a pinch, | can jack the tablet up to a 
PC and use it as a portable hard disk. 
It has come in handy more than once. 
Another useful “hack” that’s really 
easy is installing Linux applications 
that have been ported to the tablet. 
One of my favorite applications on the 
tablet is the popular IM application 
Pidgin, as shown in Figure 1. Although 
the Nokia tablets come with an XMPP- 
compliant Jabber client, | find that 
having a consistent Ul and behavior 
from desktop to laptop to tablet is 
really nice. Getting Pidgin installed on 
the tablet is really easy, as it’s in the 
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ing Battle of Wesnoth, Nethack, 
Bomberman and even Quake. 

Another really interesting hack for 
the Nokia tablets is using them to 
emulate other computing environ- 
ments. ACCESS (the owners of the 
Palm operating system) has released a 
free (as in beer) Virtual Machine (VM) 
for Nokia tablets that allows PalmOS 
applications to run on the tablet. To 
install the VM on your tablet, go to 
the link provided in the Resources 
section of this article, and register to 
download the VM. A link for down- 
loading the VM will be sent to you 


Another useful “hack” that’s really easy is 
installing Linux applications that have been 


ported to the tablet. 


official Nokia software repositories. 
Simply fire up the Application 
Manager from the Settings menu, 
search for Pidgin, and click install. 
The launcher for Pidgin will be in 
the Extras section of the menu. 

Of course, a Linux machine of any 
kind isn’t really complete until it runs 
Doom. LXDoom has been ported to the 
tablet, and it runs just great, as shown 
in Figure 2. The controls take a little 
getting used to, due to the nature of 
the touchscreen and the directional pad 
on the tablet, but the game runs with a 
very playable framerate. Other games 
have been ported to the tablet, includ- 


via e-mail. Open that e-mail message 
on your tablet and click the link, and 
you'll be sent to a site where you can 
agree to the EULA and download the 
binaries. Make sure to open the pack- 
age in the Application Manager, and 
it will install automatically after you 
click OK in a couple dialogs. 

Once you launch the application, 
you will see a start screen (Figure 3) 
where you can select the PalmOS app 
you want to run. Click the app, and 
then click Launch, and the VM launches 
that app (Figure 4). Once the app starts, 
you are in a PalmOS VM, and you can 
even call up a PalmOS “home” screen 
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Figure 5. PalmOS Home Screen 


by clicking on the house icon (Figure 5). 
This comes in very handy if you are a 
recovering Palmaholic who's got that 
one killer app you haven't been able to 
find on any other platform (TealAuto is 
that one for me!). 


Other emulators have been ported 
to the tablet as well, such as Basilisk 
(if you are a fan of old Macintosh 
applications), DOSBox for old DOS 
programs or games and Bochs (if you 
want to try your hand at running 
Windows 3.1 or Windows 95 on your 
tablet). There are documented cases 
in the Nokia forums of people run- 
ning Windows 95 and even Word 6.0 
on their tablets. 

The tablets also make great IP tele- 
phones. Not only is there a Skype client 
for the unit, but there also are fring and 
Gizmo clients, as well as the Web- 
enabled Google-based Grandcentral. 
The Internet Tablet Talk forum has a 
post that describes how to tie a free 
Gizmo and a free Grandcentral account 
together to get 100% free land-line 
phone calls from your Nokia tablet. 
Other than the Gizmo account and 
software, there are no real “hacky” 
things needed, other than a willingness 
to tie two services together in a way 
that neither provider envisioned. 


For Further Hackery 


Getting more information on the tablets and their extensibility is easy, thanks to 
excellent documentation on the Internet about these units. The first stop when 
looking for information should be the maemo.org site. This site is the home for 
all things tablet-related, from the Nokia wiki, to the software repositories, as well 
as the software updates and source code archives. It’s all on maemo.org—except 
for the true hacks. Those can be found in the archives of the Internet Tablet Talks 
forums. The people there have come up with some truly amazing hacks and 
other really neat ways of using the tablets, and there’s something new almost 


every day there. 


So far, I've touched on some of the 
easier software hacks you can do that 
will extend your tablet. You can perform 
other more-advanced hacks on both the 
OS and hardware, but you need to have 
one thing before you can proceed with 
them, and that’s a root shell. 

In previous versions of the tablet’s 
OS, this was truly a hack. In OS2008 


(Diablo) this has been turned into an 
installable package, so it’s really easy 
now. Simply open the Application 
Manager, search for the rootsh package 
and install it. Then, once you have a 
shell open in the X terminal, run 
rootsh, and you will have root access 
to your tablet. 

Once you've got a root shell, you 
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really can start digging into the OS of 
the tablet. One of my favorite hacks is 
to run the OS off an SD card rather 
than the internal Flash disk. Not only is 
it faster if you have a Class 6 SD card, 
you also can partition the disk so that 
you'll have more space for applications, 
and you still will have the internal Flash 
copy of the OS in the event that you 
break something. 

This process is documented in full 
on the maemo.org wiki (see Resources), 
but the steps are actually pretty easy 
and can be summarized in this article. 
First, you need to have the root shell 
enabled on your tablet as described 
above. Then, you need to partition 
the SD card into two partitions: the 
first partition is a FAT32 partition for 


5. Committing the filesystem updates 
and umounting /floppy and /opt. 


The device reboots when it’s done, 
and the boot menu pops up. At that 
point, just select what you want to boot 
from the menu. If you're really feeling 
adventurous, try “Advanced Booting” 
your tablet, so you can boot multiple 
copies of the OS from the card. The wiki 
has an example procedure that shows 
how you can set up a card to have a 
2GB data partition and boot five differ- 
ent copies or versions of the tablet OS! 
Just the thing for the curious tablet user. 

All of these hacks have dealt with 
the software or firmware of the tablet 
in one way or another. A very useful 
hardware hack is enabling a USB host 


A tablet, running in USB host mode, would be 
able to utilize a full-size keyboard and USB disk 
drives, effectively making it more of a PC. 


your data, and the second is an ext2 
partition for the copy of the tablet’s 
OS. After you've prepared the card, 
you need to install some packages 
from the command line (wget, tar, an 
upgrade script called nupgrade.sh and 
a couple tablet-specific packages like 
initfs_flasher). initfs_flasher flashes the 
boot sector of the internal Flash disk 
to pop up a boot menu that lets you 
boot the tablet from internal Flash, an 
SD/MMC card or an external device 
like a USB memory stick. 

Once initfs_flasher has finished 
doing its magic and you have set the 
default boot device, you're ready to 
clone the OS to the SD card. This is as 
easy as becoming root on the tablet and 
running the nupgrade.sh script with the 
proper arguments. Note that you'll run 
it five times according to the wiki—this 
lets you monitor each step of the way. 
The steps are as follows: 


1. Creating the ext2 filesystem on parti- 
tion two of the SD card. 


2. Temporarily mounting partition two 
as /opt. 


3. Temporarily mounting the rootfs 
as /floppy. 


4. Cloning the OS from /floppy to /opt. 


mode on the tablet. The tablet as 
shipped is a USB device, suitable for 
hooking to a PC and showing up as a 
device attached to that PC. A tablet, 
running in USB host mode, would be 
able to utilize a full-size keyboard and 
USB disk drives, effectively making it 
more of a PC. This previously was a 


hardware-only hack, requiring soldering 
special USB cables to put the USB port 
into host mode. 

With OS2008, Nokia put software 
hooks into the OS to allow users to 
flip the port into host mode. This is 
enabled by a small package called 
USBControl, which is in the Nokia 
repositories as well, and it can be 
installed via the Application Manager. 
Once you run USBControl, switching 
from device to host is as easy as 
touching a button. Then, simply hook 
up the device you want to use with 
the tablet using any adapters that are 
necessary, and that’s it (assuming there 
are drivers for that device in the OS). 
Most input devices and storage 
devices are enabled out of the box. 

The Nokia N800 and N810 are both 
great little devices and are much more 
than the sum of their parts, thanks to 
their open-source heritage and Nokia’s 
willingness to allow them to be 
extended and hacked in this fashion. 
Kudos to all the maemo.org developers 
and hardware engineers for creating 
such a hackable and fun platform!m 


Bill Childers is an IT Manager in Silicon Valley, where he lives 
with his wife and two children. He enjoys Linux far too much, 
and he probably should get more sun from time to time. In his 
spare time, he does work with the Gilroy Garlic Festival, but he 
does not smell like garlic. 


Resources 


Maemo.org Home Page: maemo.org 


Internet Tablet Talk Forums: www.internettablettalk.com 


How to Flash the Latest Nokia OS Image: 


wiki.maemo.org/Updating_the_tablet_firmware 


Gaining Root Access to the Tablet: wiki.maemo.org/Root_access 


Booting the Tablet from a Flash Card: 


wiki.maemo.org/Booting_from_a_flash_card 


The Palm “Garnet” VM for the Nokia Tablets: www.access-company.com/ 


products/gvm 


How to Enable USB Host/OTG Mode on an N800: 
www.harbaum.org/till/n800_usb/index.shtml 


Using Gizmo and Grandcentral on the Nokia IT: 
www.internettablettalk.com/forums/showthread.php?t=14536 
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m@ Charging your phone over USB. 


@ Backing up the phone's applications and data to a Linux 
computer and restoring if necessary. 


H Transcoding video and audio files to use on the Curve. 
@ Syncing a BlackBerry with Evolution. 


The test system for this article is my HP Pavilion DV6458 
laptop running Debian GNU/Linux’s Lenny distribution. By 
the time this article is published, Lenny either will be the 
stable release of Debian, or it will be just short of that 
status. My phone is the BlackBerry Curve 8320, running 
on the T-Mobile network. 

For it to be useful as anything but a pure telephone, you 
must install a microSD Flash memory card in your Curve. | use 
a 6GB card, which can hold 20 albums of music plus 20 pod- 
casts at a time and still leave a couple gigs for photos and 
video. Installing your microSD card will expose you to one of 
RIM's puzzling decisions: the SD card is under the battery. Yes, 
that’s right. You have to power-cycle the phone to change 
cards. As booting after a power cycle is notoriously slow for 
BlackBerries, this is a major annoyance. Because of this, | 
strongly recommend getting the highest-capacity card or cards 
you can afford to minimize the need to swap. 


Connecting the Phone to the PC 

Another thing that puzzles and irritates Research In Motion’s 
customers: RIM includes Bluetooth in its phones, but it’s crip- 
pled. If you'd like to transfer data to and from your BlackBerry 
Curve, you must use a USB cable. The upside is, it’s incredibly 
simple. Just plug a standard USB cable in to the phone and 
computer, and your system should detect the phone automati- 
cally. If you are using a disk manager, such as gnome-volume- 
manager, the microSD card in the BlackBerry should appear 
automatically as a removable disk drive. Transferring anything 
to or from the card is as simple as a cp command or dragging 
and dropping in any file manager. 


Backup and Restore 

First, you obviously can back up and restore the contents of 
the microSD card like any other mounted drive. However, 
the phone’s own databases are not part of the filesystem, 
so special software is required. Luckily for me, there’s a 
package already designed for this purpose, Barry, a project 
hosted and supported by NetDirect, a Canadian computer 
consultancy specializing in open-source solutions 
(www.netdirect.ca/software/packages/barry). Barry cur- 
rently is alpha software, but it's quite usable. Unfortunately, it 
is not officially packaged for Debian. There are unofficial pack- 
ages at that site for Debian Stable (Etch), but they are for the 
i386 architecture only, and they were problematic to install on 
my AMD64 system, so | was forced to compile my own. (In 
testing on my tower system, which runs the i386 distribution 
of Debian Lenny, the pre-created packages worked perfectly.) 
There is a special set of downloads and instructions on how 
to create Debian packages available at the Barry site, but 
unfortunately, they did not work on my system. (This may have 
been fixed by the time you read this.) However, the traditional 
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Figure 1. BarryBackup 


make ; sudo make install combination worked perfectly. 
You can use stow to manage unpackaged applications. 

Doing make install puts the libbarry* libraries into 
/usr/local/bin, but the actual executables expect them to be in 
Nib/tls. Rather than try to reconfigure the program, | simply 
copied the libraries to that location. 

RPMs and instructions for creating RPMs are supplied for 
distributions that use that packaging system. 

After installing Barry, you immediately can back up the 
BlackBerry databases, including contacts, appointments, 
settings, memos and so on. First, run the bcharge program. 
bcharge does two things: 


1. You may have noticed that when you plug your BlackBerry 
in to a PC running Linux, you are warned that the “charg- 
ing current is not sufficient”. bcharge increases charging 
current to 500mA and eliminates this message, plus it allows 
your phone to charge much faster. 


2. It takes control of the device away from the usb_storage 
kernel module, so that access to the database and other 
functions is available. Despite this, the microSD card still can 
be mounted and files copied back and forth. 


Note: bcharge is not compatible with the kernel module 
berry_charge. If Ismod reveals that berry_charge is present, use 
sudo modprobe -r berry_charge to remove it before run- 
ning bcharge. If you plan to use bcharge routinely, blacklist 
berry_charge (sudo echo "blacklist berry_charge" >> 
/etc/modprobe.d/blacklist). 

Apparently, bcharge works differently on different comput- 
ers, depending on the exact device configuration and system. 
Try running sudo bcharge -o first. If this fails, try sudo 
bcharge (no flag). If even that fails, try sudo _bcharge ; 
sudo bcharge -o. You can check whether the device has 
been detected using sudo btool -1. On my computer, when 
the device is detected | see this output: 


Blackberry devices found: 
Device ID: OxFFFFFF. PIN: FFFFFFF, 
Description: RIM 8300 

Series Colour GPRS Handheld 


(| have obscured my device and pin numbers 
in the above output.) 

Barry's btool offers a lot of functionality, 
and | encourage you to do aman btool to 
learn more. 

To back up my phone’s databases, | used 
the barrybackup application. The installer 
did not set the program to setuid root, 
which is required. | had to sudo chmod +s 
/usr/local/bin/barrybackup before the 
program would work correctly. 

Simply click the Backup button, and all 
databases are backed up. You can configure 
which databases are backed up and also 
choose to restore only certain databases, by 
clicking Edit~Config. Backups are stored as 
tar.gz files in ~/.barry/backup/FFFFFFFF, where 
that last hex number is your device PIN. 


Audio and Video on the Curve 

| got this phone specifically to replace my 
MP3 player. It has excellent sound and video 
quality (given the tiny screen’s limitations), 
and a high-capacity microSD card can hold a 
lot of music. Of course, given that the card 
must hold music, video, photos taken with 
the built-in camera, ebooks and everything 
else, you will want to use the most efficient 
file formats. 

First, let’s discuss music. The Curve sup- 
ports MP3, AAC, MIDI and WMA files for 
audio. Because I'm trying to use free tools as 
much as possible, WMA and AAC formats are 
problematic, leaving me with MP3. (MIDI is a 
specialized format not usable for recorded 
music.) MP3 files also are supported in fapg 
(see below). 

For CD audio, | use A Better CD Encoder 
(abcde) to rip the CD, with the command: 


Sig Gis agi) Gis Gis) Gis GisieGas Gas sas. Gas sca Gad Gast Gas Gas Gas Gas) Ges 


#DebugMode 


abcde -o mp3 


This rips the CD into MP3 files in the current directory. As 
abcde uses lame for MP3 encoding, you can control the details 
of the files created to the finest detail, but the default settings 
actually are more than good enough for me. 

The video screen on the Curve has a resolution of 320x240. 
It accepts video in MP4, 3GP and WMV formats. Obviously, we 
free-software types prefer to use MP4 (even if it’s a patented 
format) over WMV. I'm not aware of any good free tools to 
create 3GP (Third-Generation Phone) files. 

The Swiss army knife of free software video encoders is 
FFmpeg. For Debian distributions, you can obtain it by 
adding the repository at debian-multimedia.org to your 
/etc/apt/sources.list, then running sudo apt-get update 


msynctool --addgroup evo-barry 
msynctool --addmember evo-barry evo2-sync 


msynctool --addmember evo-barry barry-sync 


msynctool --configure evo-barry 1 


msynctool --configure evo-barry 2 


Listing 1. Setting Up msynctool to Work with Evolution and the BlackBerry 


Create the sync group 
dd Evolution's OpenSync 
plugin 

Add Barry's OpenSync 
plugin 

Opens an editor for the 
evol-sync config file 
Opens an editor for the 
barry-sync config file 


ee: ee: a eS 


Listing 2. The barry-sync Configuration File 


This is the default configuration file 

for the barry-sync opensync plugin. 
Comments are preceded by a '#' mark at the 
beginning of a line. 

The config format is a set of lines of . 


Keywords available: 


DebugMode - If present, verbose USB debug 
output will be enabled 


Device - If present, it is followed by the following values: 
PIN number - PIN number of the device to sync with (in hex) 
sync calendar - 1 to sync calendar, @ to skip 


sync contacts - 1 to sync contacts, @ to skip 


Password secret - If present, specifies the device's 
password in plain text 


Device 3009efe3 1 1 


#Password secret 


&& sudo apt-get install ffmpeg. Starting with any 
supported video, converting is as simple as this command: 


ffmpeg -i myvideo.avi -s 320x240 -b 64k --ab 64k myvideo.mp4 


This sets the dimensions to 320x240, and the audio 
and video bitrates to 64kbps. You can adjust these settings 
to taste. Note that the Curve can play back video com- 
pressed using only the MPEG 4 Part Two Advanced Simple 
Protocol (ASP). H.264, or MPEG 4 Advanced Video Codec, 
is not supported. 

Transferring audio and video files to the handset can 
be done with cp or a file manager like Krusader. Audio 
files should be stored in /Blackberry/music, and video in 
/Blackberry/videos. You can create subfolders within these 
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for your own convenience, but the handset will ignore 
them and catalog the media based only on metadata (also 
known as ID3 tags) embedded in the files. Music can be 
viewed by Artist, Aloum, Genre or Playlists. The Media 
application works with M3U playlists, which can be created 
using fapg (the FAst Playlist Generator, see Resources). 
M3U playlists are simple text files and can be modified 
using any editor. 

When the Curve is disconnected from your computer, the 
Media application scans the music and video directories and 
generates lists of available audio and video files. This takes a 
few minutes, depending on how much is stored on the 
microSD card. Your songs may not be available until the scan 
is complete. 


Synchronizing with Evolution 

NetDirect has an excellent document explaining how to 

sync your BlackBerry Contacts and Appointments with 

Evolution using Barry here: www.netdirect.ca/software/ 

packages/barry/sync.php. To do so requires that you install 

the Debian packages multisync-tools and libopensyncO. 
Before synchronizing, you must create a sync group 


XmBlackBerry is a single 
GUI program, as opposed to 
Barry’s suite of several 
mostly command-line tools. 


that includes Evolution and the Barry opensync plugin 
(Listing 1). 

Unless you have changed the default locations of the 
Evolution data files, you shouldn't need to change anything in 
the configuration file for evo2-sync. The barry-sync default 
configuration file looks like Listing 2. 

Unless you have assigned a password for your Curve, 
the only change needed here is to replace 3009efe3 with 
the correct PIN, which you can find using btool -1. If you 
have trouble with sync, you can uncomment DebugMode. 
Before syncing, Evolution and its back-end servers should 
be shut down: 


evolution --force-shutdown 

Then, syncing is as easy as: 
msynctool --sync evo-barry 

Note: on my Debian system, msynctool could not 
connect to the BlackBerry unless it was able to run with 
elevated privileges: 
sudo chmod +s /usr/bin/msynctool 

You also could change the permissions on the USB device 
to correct this problem. 


Sync still is very much in alpha, and it can destroy your 
data! Be sure you have backups of both the Curve and 
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Evolution databases before you sync. 


Wrapping Up: Alternatives and the Future 
My BlackBerry does not connect to a BES (BlackBerry 
Enterprise Server), so | have not tested any interactions 
between Barry and enterprise systems. 

There is another free software project with the goal of 
making BlackBerry functionality available to Linux users. 
XmBlackBerry is a single GUI program, as opposed to 
Barry’s suite of several mostly command-line tools. | 
went with Barry for myself and for this article, because 
XmBlackBerry hasn’t had a release in more than a year, 
and | am comfortable on the command line. If you have a 
BlackBerry, keep an eye on XmBlackBerry, which is being 
actively developed and looks very promising. 

Both Barry and XmBlackBerry support using the phone 
as a tethered modem to connect your computer to a cellu- 
lar data network. However, at this time, neither works 
correctly with the 8320. | have reported this to the Barry 
developers, and by the time you read this article, the 
problem may have been fixed. | hope so, because using 
the Curve as a modem is almost the only reason | ever 
boot my laptop into Windows. 

When | started using Linux in the early 1990s, there 
was a real feeling of adventure. Every time you installed a 
program, you were likely to have to solve some sort of 
problem or invent a workaround. | don’t regret the fact 
that Linux and free software are so polished and generally 
easy to use. Still, it's exciting to be working with software 
on the cutting edge again. BlackBerry support in Linux still 
is a work in progress, but it's just the sort of fun challenge 
that got a lot of us into this in the first place. I’m looking 
forward to seeing how things progress.m™ 


Carl Fink has, in his career, been a museum guide, schoolteacher, system administrator, 
programmer and corporate trainer. These days, he makes his living as a writer and spends 
much of his spare time helping to put on I-CON, an annual science-fiction convention on 
Long Island. He blogs at nitpicking.com. 


Resources 


Barry: www.netdirect.ca/software/packages/barry 
XmBlackBerry: xmblackberry.sourceforge.net 


Syncing Your Blackberry: 
www.linux.com/feature/123251 


A Better CD Encoder (abcde): code.google.com/p/abcde 


Evolution: freshmeat.net/redir/evolution/2452/ 
url_homepage/evolution 


Fast Audio Playlist Generator (fapg): 
royale.zerezo.com/fapg 


FFmpeg: ffmpeg.mplayerhq.hu 
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MAY 18-20, 2009, MONTE VERITA, SWITZERLAND 


http://www.usenix.org/hotos09 
Paper submissions due: January 13, 2009 


2009 USENIX ANNUAL TECHNICAL CONFERENCE 


JUNE 14-19, 2009, SAN DIEGO, CA, USA 


http://www.usenix.org/usenix09 
Paper submissions due: January 9, 2009 


18TH USENIX.-Security Symposium 


AUGUST 10-14, 2009, MONTREAL, CANADA 


http: //www.usenix.org/sec09 
Paper submissions due: February 4, 2009 


23RD-LARGE INSTALLATION SYSTEM ADMINISTRATION 
CONFERENCE}(LISA '09) 
Sponsored by USENIX and SAGE 
NOVEMBER 1-6, 2009, BALTIMORE, MD, USA 
http://www.usenix.org/lisa09 


USENIX: THE ADVANCED CompurTiING SysTEmMs ASSOCIATION 


TECHNICAL SESSIONS AND TRAINING PROGRAM INFORMATION AND HOW TO REGISTER ARE AVAILABLE ONLINE AND FROM THE USENIX ofFFice: 
http://www.usenix.org/events | Email: conference@usenix.org | Tel: +1.510.528.8649 | Fax: +1.510.548.5738 


A Look at the 


Kindle 


Yes, it 

runs Linux. ) a ere 
Yes, you 
can hack it. sii 


DANIEL THE LIGHT-BEAM RIDER 
BARTHOLOMEW 


“I promise you four papers,” the young patent 


examiner wrote his friend. The letter would turn out to 
bear some of the most significant tidings in the 
history of science, but its momentous nature was 
masked by an impish tone that was typical of its 
author. He had, after all, just addressed his friend as 
“you frozen whale” and apologized for writing a letter 
that was “inconsequential babble.” Only when he got 
around to describing the papers, which he had 
produced during his spare time, did he give some 
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The Kindle has been out for a year now, and Amazon 
has had plenty of time to work out any kinks in the soft- 
ware and hardware. It should be a rock-solid device, right? 
| decided to find out. After spending some quality time 
with the Kindle, | now can say the answer is mixed. Some 
things work great on the Kindle, but other things just 
don’t, and some of those things probably never will work 
right (until Kindle 2.0, that is). 

The good news is that the Kindle is readily available. Early 
on, it was perpetually out of stock on Amazon's Web site. 
Some critics claimed the shortages were self-inflicted, and 
Amazon claimed demand was simply “overwhelming”. 
Whatever the reasons were, they have been overcome. You 
want one delivered tomorrow? Done. 

The Kindle comes in a very attractive package that 
resembles a book. Inside the box, you get a USB cable, 

a power brick, a manual, a handsome carrying case and 
the Kindle itself. 

After performing my solemn duty as a man and a geek of 
throwing away the manual, it was time to get the Kindle up 
and running. The first order of business was to plug it in and 


Figure 1. The Kindle comes with everything you see here. 


USB Drive Mode 


Your Kindle is in USB drive mode. The wireless 
service is off, and you cannot use your Kindle 
for reading until you disconnect the USB cable. 


G 


Do not disconnect your Kindle if the 
USB activity indicator is blinking..... ‘| 


Figure 2. This screen appears on the Kindle while USB is plugged in. 


charge it up, and then, get some content on it. Thankfully, 
charging takes only a couple hours, and you can use the 
Kindle while it's charging. 

Connecting the Kindle to your computer is as easy as con- 
necting any other modern electronic device via a standard USB 
cable. The Kindle shows up as a removable device, like most 
cameras and thumbdrives. If you have an SD card plugged in 
to the SD card slot, it also shows up. 

First and foremost, the Kindle is defined by its screen. 
The E Ink display immediately sets it apart from LCD and 
CRT displays. The best word to describe it is steady. | can 
stare at it for hours without my eyes growing tired like 


Figure 3. Ports on the Bottom of the Kindle 


Figure 4. The Kindle is small and light. 


www.linuxjournal.com december 2008 | 77 


FEATURE A Look at the Kindle 


The Best of All Possible War! 


Chapter Three 

Minister the Hi 
regarded the Terran wit] 
for War of the Provision! 
man himself, a stark sti 
Ritterhaus. Its only luxu 
of the Founder's Memd 
rest it held a severely p 
cot for occasional sleep, 
of a kzin warrior, a pict! 
the same bleakly han 
looks with a steel-trap 
Markham's ship during most of his years as a leader of 
Resistance guerrillas in the Serpent Swarm, the asteroid belt 
around Alpha Centauri. Markham himself was a young man, 
only a little over thirty-five; blond asymmetric beard and wiry 
close-cropped hair, tall lean body held ramrod-tight in his 
plain gray uniform. 

"Why, exactly, do you wish to block further renovation 
of the Munchen Scholarium?" he said, in his pedantic 
Wunderlander-flavored English. It held less of that guttural 
undertone than it had a year ago. 

General Buford Early, UN Space Navy, lounged back in 
the chair and drew on his cheroot. He looked to be in late 
middle age, perhaps eighty or ninety, a thick-bodied black 
man with massive shoulders and arms and a rumpled blue 


> 1 AaBbCc 


Locations 2054-65 


Figure 5. You can change the font size to whatever you like. 


they do with LCD displays. Yes, it is only black and white 
with a few levels of gray, but for something designed for 
reading, it is ideal, or nearly so. The current generation of 
electronic pager displays isn’t perfect—the blacks aren't 
truly black, and the whites are more of a light gray—but 
it's pretty close. 

The Kindle is powered by a PXA255 XScale processor and 
has 256MB of internal Flash memory (with 180MB available 
for books and other content). Under the back cover of the 
Kindle is an SD card slot, the reset hole and the battery. 

Navigation on the Kindle is handled by the Prev Page, 
Next Page and Back buttons along either side of the Kindle 
and by a clever scroll wheel, which functions as the Kindle’s 
mouse replacement. 

The keyboard on the Kindle is cramped. The keys are too 
small, and they require too much force when pressing them. 
It works though, and the typing needed is minimal, so | can 
live with it. 

All documents on the Kindle behave more or less the 
same. There's no scrolling; instead, you page through the 
text. You can change the font size and use the scroll wheel 
to look up words in the built-in dictionary or follow links to 
other places in the document. You can bookmark a page by 
moving the scroll cursor to the top of its track and virtually 
folding down the top-right corner of the page. You also can 
add notes to the text and highlight passages by drawing 
boxes around them. 
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The Kindle’s Features 

One of the earliest complaints leveled against the Kindle was 
that it is tied to Amazon.com and its storefront. Along those 
lines, the two most common fears were “If my Kindle loses 
its memory, will | lose all my books and have to buy them 
again?” and “Is Amazon my only source for content?” The 
answer to both of those questions is no. 

Amazon keeps a record of all of your purchases and lets 
you re-download them at any time. You also can back up your 
Kindle files on your computer. The Kindle is well integrated 
into Amazon's bookstore, but it is not tied to it. Several 
eBookstores have eBooks for free download or purchase, 
including ManyBooks.net, WebScription, Mobipocket.com 
and many others (see Resources). 

Mobipocket is the originator of the Mobipocket eBook 
ormat. It was purchased by Amazon in 2005, so it's not 
surprising that the default format for Kindle eBooks is 
Mobipocket. Amazon adds DRM, unfortunately, to the 
otherwise Mobipocket-formatted eBooks it sells through 
Amazon.com and the built-in-to-the-Kindle bookstore. True 
o the real intent of DRM, this does little to stop piracy and 
everything to punish and annoy honest citizens. But, and 
his is a big one, the Kindle reads unencrypted Mobipocket 
iles just fine. All of the sites listed above offer books in 

obipocket and other formats. My favorite of the bunch is 
ManyBooks.net, because it specializes in public domain 
books—meaning the books available for download on its site 
are not only free, they're also free (if you know what | mean). 

One of the Kindle’s neatest features is its wireless capabili- 
ties. The Kindle cannot connect to your Wi-Fi network, but it 
doesn’t need to. Instead, it uses a built-in EVDO modem to 
connect to what Amazon calls its Whisper Net, but in reality, 
it’s just Sprint’s CDMA network. There is no charge for using 
this network, even for Web browsing. Instead, the costs 
are rolled in to the price of the Kindle itself, and the 
books, magazines and services you buy from Amazon. 

Actually, | shouldn't include “services” in the above list, 
because right now, the only service Amazon charges for is its 
document-conversion service. You can e-mail Word, HTML or 
image documents to <yourname@kindle.com>, and they are 
converted and sent directly to your Kindle for $0.10 each. 
There’s also a free version where you can e-mail documents 
to <yourname@free.kindle.com>, and you'll get a link to 
the converted document sent back to you (getting it onto 
your Kindle is your responsibility). The yourname part of the 
e-mail can be set and changed at Amazon.com in the 
Manage Your Kindle section. 

| tested the conversion functionality with several docu- 
ments, and | tried both the no-cost and regular services. 
There wasn't any difference in the time it took to convert 
the documents. The only difference was that one was sent 
to my Kindle automatically and the other arrived in my 
e-mail and had to be transferred manually to my Kindle. 

My first test involved sending some .pdf files for conver- 
sion. The text converted fine, but | lost the graphics, some of 
the formatting, internal links and the .pdf's table of contents. 
| can't be too upset about what failed though, as .pdf isn't 
an officially supported file format. With all the PDF documents 
| have, it’s nice that it works, even with some limitations. 

| also tried sending over .gif, .jog, .odt, .ods, .doc, .x|s, .rtf 


£ 


Bs 


and .htm! documents. The .html, .rtf, .gif, jog and .doc docu- 
ments came through fine, but the translation service did not 
recognize the OpenDocument or Excel documents. 

By default, this service converts and sends to your 
Kindle only documents sent from your primary e-mail 
address as configured at Amazon.com. You can add additional 
e-mail addresses. 


The Kindle Is Open to Experimentation 

The Kindle’s main menu has an Experimental item on it. This 
submenu has three choices: Basic Web, Ask Kindle NowNow 
and Play Music. 

Basic Web is what it claims to be—a basic Web browser. 
It has two viewing modes: Default and Advanced. Default 
strips out most formatting and just provides the content of 
the page you're viewing. Advanced mode tries to render 
some of the page's layout. 

Ask Kindle NowNow is a human-powered search service 
from Amazon. You can ask a question and submit it, and then 
real people will research it on-line and send up to three 
responses to your Kindle. The service is free for now, but | 
can't imagine it will remain free indefinitely. To test it, | sent 
the question: “When will the successor to the Kindle be 
announced?” About 30 minutes later, | had three answers on 
my Kindle and in my e-mail inbox. They were all along the 
ines of “not this year”. The first one was the best; it was well 


Ask Kindle NowNow Cancel 


— — CLEAR 


en I 9 ; : " 1 

# Mmm OD 
When.will:the successor.te the Kindle be........... 
annaunced?... See ecsleteee ie eceeeserestteeeeefe eters teeter eee 


(255 characters maximum) Submit ll 


Ask. We will find. You will receive. 
Enter your question above and select Submit. 


Real people will research your question online. 


We will quickly send up to 3 answers directly to 
your device. Best of all, it's free! 


Kindle NowNow by Amazon.com 


Figure 6. Ask Kindle NowNow any question, and people will try to 
answer it. 


researched and included statements from Amazon on the sub- 
ject. The other two were short and not as informative, but still 
good. The responses also included links. Clicking on the links 
opens up the Kindle Web browser to the page in question— 
rather handy. 

Playing music on the kindle works for MP3 files. No other 
formats work. There's also no playlist support and no user 
interface apart from the Play button on the Experimental 
page. There are two undocumented keyboard shortcuts you 
can use: Alt-F to skip to the next song and Alt-P to Play/Pause 
the music. It's not the most useful of music players, but it 
does play music. 


The Kindle’s Openness 

Because the Kindle runs on Linux, you can download the 
source code to the Kindle from Amazon's Web site. Several 
bits of the code, like the GUI layer, are not available. 

The source code tar file weighs in at 72.4MB. When 
untarred, you are left with a gplresults directory. Inside this 
directory are the following tar.bz2 files: alsa-lib-1.0.6.tar.6z2, 
alsa-utils-1.0.6.tar.oz2, binutils-2.16.1.tar.oz2, bsdiff-4.3.tar.bz2, 
busybox-1.01.tar.6z2, bzip2-1.0.3.tar.bz2, dosfstools-2.11.tar.bz2, 
e2fsprogs-1.38.tar.bz2, freetype-2.1.10.tar.oz2, gcc-3.4.2.tar.bz2, 
jpeg-6b.tar.bz2, libpng-1.2.8.tar.bz2, linux-2.6.10-lab126.tar.bz2, 
module-init-tools-3.1.tar.bz2, ncurses-5.4.tar.bz2, 
ppp-2.4.4b1.tar.bz2, procps-3.2.7.tar.bz2, taglib-1.4.tar.bz2, 
u-boot-1.1.2.tar.bz2, uClibc-0.9.27.tar.oz2, util-linux-2.12.tar.oz2 
and zlib-1.2.3.tar.bz2. 

We can deduce several things from this list: the Kindle 
boots with Das U-Boot, it uses FreeType for fonts, ALSA for 
audio, and it is using a Linux 2.6.10 kernel. I’m not a program- 
mer, so | didn’t delve into the code to see what was changed, 
reworked or added. 


Hacking the Kindle 
One of the more interesting pieces of code on the Kindle is 
BusyBox. Its presence suggests there is support for a com- 
mand-line interface of some sort. It turns out there is, but it’s 
not easy to access. 

If you take the back cover off the Kindle, there is a little 
covered access port next to the battery. This access port can be 


a 


Figure 7. The console port on the back of the Kindle is small. 
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removed with a small flat-head screwdriver. Under the cover is 
a small ribbon connector port, which functions as a console 
port. See Resources for links to the full details of the hack. 


Exposing the Kindle’s Secrets 
Thanks to the intrepid hacker who hacked into the Kindle 
through the console port, several hidden features of the Kindle 
have been brought to light. 

First, there is a basic picture viewer built in to the Kindle. 
To enable it, you need to create a folder on the Kindle called 
pictures or dcim. In that folder, you can organize your photos 
into subfolders. Press Alt-Shift-Z while in the main menu of the 
Kindle, and each folder will appear as a separate “book” on 
the last page of the list of books. 


Figure 8. The options for the picture viewer app are few. 


While viewing pictures, you can use the menu to enable 
and disable dithering and shrink to fit. You also can view 
photos in full-screen mode. While looking at your pictures, 
you can press Alt-Shift-O to set the current picture as the 
picture for the Kindle screensaver. You also can press F to 
toggle full-screen mode. 

A picture viewer isn’t the only hidden application. There 
also is a Minesweeper game. You can launch it from the 
Kindle home screen by pressing Alt-Shift-M. From the menu, 
you can select different grid sizes from 4x5 to 8x10 to 
14x14. Unfortunately, the novelty of having Minesweeper 
on the Kindle wears off as soon as you start playing. The 
Kindle’s E Ink display just isn’t suited to quick changes to 
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Find the mines! 


Press |,J,K,L to move up,left,down,right 
Press ALT to toggle rows/columns scrolling 
Press the M key to mark/unmark mine 
Press SPACE to uncover a cell 

Press the R key to restart 


8 mines left. 


Laer 


Figure 9. You can play Minesweeper, if you have the patience for it. 


the screen. Moving the cursor in Minesweeper is an exer- 
cise in patience: you press L, wait a few seconds, and 
with any luck, the cursor moves one space to the left. The 
slowness of the gameplay is probably why Amazon never 
provided a proper link to Minesweeper in the interface. 
I'm glad Amazon didn’t take it out though, as it shows 
the Kindle is at least marginally capable of running a wide 
variety of software. 

The Browser has a few neat keyboard shortcuts, including 
links to Google Maps to show your current location (Alt-1), 
nearby gas stations (Alt-2), nearby restaurants (Alt-3) and 
nearby hotels (Alt-4). When you press Alt-5, a little box pops 
up asking “Are you looking for something nearby?”, and you 
enter what you're looking for, and it searches for it. Well, it 
would, if any of these shortcuts worked. Instead of working, 
the Kindle just goes to Google Maps and puts “Not Avail,Not 
Avail” into the location box. Either it just doesn’t work in my 
area, or there is some switch waiting to be thrown at 
Amazon or Sprint to enable it. 

Finally, there are several global shortcuts that come in 
handy. The first is Alt-Shift-R, which reboots the Kindle. Next 
is Alt-Shift-., which restarts only the Kindle GUI. This last 
one is the most useful, for me anyway—Alt-Shift-G is a global 
screenshot shortcut. 


Some Annoyances 
The Kindle is underpowered, especially with larger books or 
when it’s busy indexing or doing some other background task. 


Next, the Kindle crashed a few times during my testing. 
Granted, | was running several apps that don’t officially exist, 
but | don’t feel | should have had to use the reset button as 
often as | did. Amazon still has some work to do there. 

The Mobipocket format is another annoyance. It is an 
old binary format from the days when the Palm was known 
as the Pilot. It’s not a very well documented format, and all 
of the tools for converting documents to it are proprietary 
and Windows-only. 


Conclusion 
The big question regarding the Kindle is whether it is actually 
worth $350. My thought is it is, if you read a /ot. 

And, | do. | carry around lots of books and printouts 
and miscellaneous scraps of paper—some for enjoyment 
and many for my job. | used to try reading things on my 
computer, but found my eyes quickly tired, so | switched to 
printing out longer articles and documentation | wanted to 
read. Apart from being environmentally wasteful, all that 
loose, printed material has to be organized or it grows into 
a big mess. 

The Kindle has eliminated a lot of the mess. Now, when | 
head back to the server room, the only thing | need to carry is 
the Kindle—no stacks of notes and no reams of product docu- 
mentation. It’s all in the Kindle, along with a new novel to 
read while waiting for the server to finish its install. And, my 
desk is cleaner than any time in recent memory. 

Is it worth $350? For me? Yes.m 


Daniel Bartholomew lives with his wife and children in North Carolina. His normal on-line 
presence is at daniel-bartholomew.com, but he also can be found on Twitter as daniel_bart 
and on identi.ca (and Jaiku and Pownce) as bartholomew. 


Resources 


Kindle Source Code: www.amazon.com/gp/help/customer/ 
display.html?ie=UTF8&nodeld=200203720&tag=partic 
culturf-20 


A Discussion of the .mobi File Format: www.mobileread.com/ 
forums/showthread.php?t=16514 


Hacking the Kindle, Parts 1-3: 
igorsk.blogspot.com/2007/12/ 
hacking-kindle-part-1-getting-console.html, 
igorsk.blogspot.com/2007/12/ 
hacking-kindle-part-2-bootloader-and.html and 
igorsk.blogspot.com/2007/12/ 
hacking-kindle-part-3-root-shell-and.html 


MobileRead—a Forum Devoted to eBooks: 
www.mobileread.com 


Non-Amazon Places to Get Kindle-Ready Books: 
manybooks.net, www.baen.com/library, 
www.webscription.net and www.mobipocket.com 
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LINUX 
DEVICE 
ROUNDUP 


Four Linux device experts offer their opinions on the state of Linux 
devices and tell you about their must-have favorites. 


JAMES GRAY 


In this article, Linux Journal speaks with four Linux device experts—Henry Kingman, Rick 
» Lehrbaum, Shawn Powers and Bill Weinberg—in a virtual roundtable to take the pulse of 
Linux-based devices. They discuss the state of Linux-driven devices, their promise for the future 
and which ones are their favorites. Our roundtable participants are some of the best-known 
voices and “virtual pens” in the Linux device space: 


Shawn Powers is the celebrated 
Gadget Guy product reviewer for 
LinuxJournal.com and Associate 
Editor for Linux Journal. He is also 


Henry Kingman has edited the 
renowned site LinuxDevices.com since 
2003. Kingman started his Web publish- 
ing career in 1998 at ZDNet, building a 


massive TipZone database largely 
composed of Microsoft software bugs. 


Rick Lehrbaum is the founder 

and editor of the popular site 
DeviceGuru.com, an independent 
blog devoted to new and emerging 
device technologies. In addition to 
founding LinuxDevices.com—now a 


technology director for a K-12 school 
district in Michigan. 


Bill Weinberg is an Independent Analyst 
and Consultant at LinuxPundit.com. He 
also serves as General Manager of the 
Linux Phone Standards (LiPS) Forum and 
Mobile Linux Weatherman for the Linux 
Foundation. Previously, Weinberg was with 


Open Source Development Labs (OSDL) as 
cofounded Ampro Computers Senior Technology Analyst and manager of 
and consults for companies in the the group’s Mobile Linux and Carrier Grade 
embedded market. Linux Initiatives, as well as a founding team 
member at MontaVista Software. 


part of DeviceForge.com—Lehrbaum 
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What are the most significant 
trends in the world of Linux- 
based devices? 


Henry Kingman: Some trends in the 
world of Linux may be: 


m@ Using desktop and server software 
instead of special “embedded” 
software (Nokia started this trend). 


m@ Using Linux in place of an RTOS 
(real-time OS). 


@ Better “free” sources of Linux, such 
as the kernels, BSPs and filesystems 
supplied by chip or board suppliers 
and open-source projects. 


@ More commercial support options, 
with hybrid service/product compa- 
nies like Embedded Alley making 
headway. 


@ Better tools, with the industry aligning 
behind Eclipse and its top-level Device 
Software Development Platform. 


Trends caused by Linux may include: 
@ Ridiculous feature proliferation, such 
as multiple radios in mobile devices, 
car stereos that can park the car, 
vending machines that phone in 
orders and so on. 
m@ Ubiquitous networking. 


@ Ubiquitous Web control interfaces. 


@ Near-ubiquitous media rendering 
and GPS. 


@ Richer interfaces across the board. was Linux, but wasn’t really about 
Linux. It’s as if we've finally taken over 
the world, and it’s not as exciting as we 


thought it would be. 


m Ever-shorter product life cycles. 


Rick Lehrbaum: First, Linux is really 
well established. It’s become the default 
choice for devices with 32-bit proces- 
sors—that is, developers tend to start 
with the assumption that they'll use 
Linux and use something else only if 
they require special capabilities, or if 
the “politics” of their company are 
strongly stacked in favor of an RTOS 
or Windows CE/XPe. 

Second, Linux has become the 
default OS for several device categories, 


Bill Weinberg: Linux is becoming 
increasingly ubiquitous as an embedded 
software platform. From data gleaned 
from analyst reports and from my own 
direct contact with OEMs, about one- 
third of 32- and 64-bit designs are using 
Linux. Application areas include mobile 
telephony, consumer electronics, auto- 
motive systems/GPS, telecommunica- 
tions and networking infrastructure, 
even medical and aerospace/defense. 


“The second major trend is that the 
upward motion of the value line put 
OEMs in the pilot seat.” —sii weinberg 


including the emerging MID, Netbook 
and Nettop product categories; tradi- 
tional thin-client terminals; Wi-Fi 
routers; set-top boxes, such as TiVo 
and the Roku Netflix box; and very 
significantly, mid- and high-end 
mobile phones. 


Shawn Powers: | think largely the idea 
that Linux is no longer a buzzword, but 
rather the norm, is very significant. It’s 
almost unsettling that so many devices 
are incorporating Linux, and yet that 
isn’t as unique and exciting as it used to 
be from a marketing standpoint. Back in 
August at LinuxWorld, | noticed a huge 
trend in that so much of the conference 
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Figure 1. Consolidation (Copyright LinuxPundit 2008) 
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Mobile Linux Operating System 


Trends that | see include consolida- 
tion of systems/software platforms— 
mobile in particular. The visible manifes- 
tations of the trend toward consolida- 
tion include the merger of dot-orgs like 
LiPS and LiMo; companies like ACCESS, 
Azingo, Purple Labs and others joining 
LiMo and embracing that platform 
spec; Intel embracing Ubuntu/Canonical 
as part of Moblin and also buying 
OpenHand; Wind River buying Mizi 
Research; and Sun refocusing the 
role of Linux-based JavaFX Mobile to 
complement Google/Android. 

Frankly, more important (in my 
humble opinion) than “.organic” mergers 
and activities is ORGANIC consolidation. 


Operator 
Value-Add 


Value Line 


Hardware and Device Drivers 
= 


Figure 2. OEMs in the Pilot Seat (Copyright LinuxPundit 2008) 
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FEATURE Linux Device Roundup 


Roku’s Netflix Player 


(www.roku.com/products/netflixplayer) 


“Instant movie gratification” coos 
Henry Kingman of Roku’s Linux- 
driven Netflix Player, a networked 
video device that delivers Netflix 
streaming content directly to your 
television. It provides access to a 
library of more than 12,000 on- 
demand titles from Netflix. The 
Netflix Player is HD-ready and has 
all the connections you need to 
connect to a TV, HDTV, home 
theatre or A/V receiver, including 
HDMI. The device includes 
Ethernet and Wi-Fi (802.11b/g), 
allowing one to play, pause, 
fast-forward and rewind movies 
directly from the Internet over 
a home network. 


ooo! 1- 


Roku Netflix 


Roku has used Linux on the Netflix 
Player has since its inception. 
Roku’s David Westerhoff, Director 
of Software Engineering, says his 
company chose Linux because it 
has “come a long way” and allows 
it to “focus on developing [its] 
application and helps keep the 
costs down”. Westerhoff adds that 
having the source code gives his 
team the flexibility to “go deep if 
necessary to debug, troubleshoot 


In particular, if you look at the range of 
FOSS and commercial mobile platforms 
(including those mentioned above), you 
will see a consolidation of foundation 
components around: the Linux kernel 
2.6, glibc, GTK+/Cairo/Pango, WebKit, 
GStreamer and Java (still a must for 
legacy interoperability). This develop- 
ment is illustrated in Figure 1. 

The second major trend is that the 
upward motion of the value line put 
OEMs in the pilot seat. OEMs and 


and optimize our software for 
the best user experience”. During 
product development, Roku devel- 
opers found and fixed about a 
half-dozen distinct bugs in the 
build toolchain, plus some driver- 
specific bugs. However, the 2.6.19.1 
Linux kernel has been very stable 
and required no modifications to 
the product. 


The device uses the MIPS-based 
PNX8935 SoC from NXP 
Semiconductors for application 
and video processing. The applica- 
tion is written primarily in C++ and 
runs a Linux 2.6.19.1 kernel. Roku 
uses DirectFB to provide an 
abstraction layer for the graphics 
and video services on the platform 
and Qt 4.3 to provide a framework 
for Ul development. The device 
has no hard disk, just 256MB of 
DDR RAM to provide the memory 
needed for its applications, plus 
the buffering necessary to support 
streaming video playback. 


“Robust video streaming over 
home networks takes a significant 
amount of effort to get right”, 
adds Westerhoff. Therefore, the 
Player uses dynamic bandwidth 
detection to select the best possi- 
ble stream for the user’s network 
and then monitors it continuously 
during playback to provide the 
best user experience possible. If 
the available bandwidth changes, 
the device responds by selecting a 
new stream at a bitrate appropri- 
ate for the situation. 


integrators have a better range of choices 
with regard to buying and/or building a 
Linux-based embedded platform and 
toolkit. They can certainly turn to OSVs, 
like MontaVista and Wind River, and/or 
smaller packaged product/services com- 
panies. They also can purchase applica- 
tion-purposed vertical stacks for mobile, 
automotive, MIDs and so on from com- 
panies like those mentioned above. 
They also can, with more confidence 
than ever before, self-integrate bits 
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directly from OSS projects with their 
value-added internal code and |SVware. 
And, they can mix and match. This 
development is illustrated in Figure 2. 


Are you optimistic for the 
future of Linux-based devices? 


Kingman: Yes. If they are running 
Linux, they won't crash, and the battery 
will last a long time. 


Lehrbaum: Yes, very much so. Silicon 
vendors now favor Linux as the number- 
one platform to get their new device-ori- 
ented processors, chipsets and peripheral 
controllers up and running on, so Linux 
support gets a strong head start and is 
generally promoted by chip makers. 


Powers: Oh, without a doubt. In fact, 
although | was joking a bit regarding 
“taking over the world”—I think Linux 
will continue to spread into the embed- 
ded market. It just makes sense. Also, 
with projects like Moblin and its ilk, 
embedded Linux on devices is looking 
really snazzy. 


Weinberg: | remain very bullish on 
Linux as embedded systems software, 
notwithstanding announcements from 
Nokia, Symbian and others (see my 
blog, address in the Resources for this 
article) and advances by Microsoft. 
These and other moves/gestures toward 
openness and FOSS “scratch the itch” 
for access to source code as docu- 
mentation and for source escrow, but 
they don’t offer the unique combina- 
tion of community-driven development, 
scalability, performance and real self- 
determination that you get with Linux 
and accompanying FOSS. 


Do you consider any particular 
devices from the past year or 
so to be game-changers for the 
success of Linux? If so, why? 


Kingman: The Wind River Linux 
Platform for Infotainment, for showing 
Linux could crack the automotive OEM 
equipment market; Motorola’s Rokr Z6, 
for showing that a Linux phone could 
ship in volume in the US; the Netflix 
Player, for showing how inexpensive 
and powerful Linux multimedia devices 
can be; the myriad Orion-based NAS 
devices, for making NAS affordable to 


home users; and low-cost, power-effi- 
cient Nettop and Netbook devices, such 
as the Eee PC, for bringing desktop 
Linux to the masses. 


Lehrbaum: | really like the Netflix 
movie-streaming set-top-box (manufac- 
tured by Roku). Linux has long been a 
winner in TV set-top boxes (think TiVo), 
and it’s an area of exploding interest, 
given the growing ubiquity of broad- 
band and drive toward streaming 
content to everyone's home theaters. 
Automotive infotainment systems— 
featuring GPS, traffic updates, Internet 
access, streaming media, VoIP and so 
on—is another area set to explode. 


There also are two+ major emerging 
device categories that both typically 
either come standard Linux or offering 
Linux as a full-fledged alternative to 
Windows: MIDs (mobile Internet 
devices), Netbooks and Nettops. All 
these terms were coined by Intel. MIDs 
strongly favor Linux due to being more 
appliance-like with built-in applications 
and not a lot of capability for normal 
users to alter the application set. 
Netbooks, typified by the Eee PC, have 
fully functional OSes, albeit stripped to 
fit in limited resources (often Flash, 
though HDDs sometimes are available 
as an option). They are generally avail- 
able with Linux-only offered for the 
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FEATURE Linux Device Roundup 


Kangaroo TV 


(www.kangaroo.tv) 


It's official, folks—Linux has gone 
Joe Six-Pack. That’s because our 
beloved OS has infiltrated the 
world of NASCAR autoracing and 
other sporting events. Embedded 
Linux is the horsepower under the 
hood of Kangaroo TV, a new 
device available for rental at 
NASCAR (and soon other) events 
that gives spectators a more enter- 
taining autoracing experience. The 
wireless, handheld Kangaroo TV 
provides racing fans a slew of 
event information, including ten 
live MPEG-4 video feeds (replays, 
highlights and in-car views), 64 
AC3 audio feeds (driver-to-pit 
conversations and commentary) 
and a plethora of real-time stats. 


Jean Arseneau, Kangaroo’s CTO, 
says that his firm chose Linux 
four years ago for many reasons, 
including its good fit with the 
ARM processor, strong customiza- 


least expensive models and a choice of 
Linux or Windows XP Pro for the higher- 
end models (which have more RAM and 
storage Flash or HDD). A variant of the 
Netbook is the Nettop, having similar 
computing resources (including chipsets) 
but packaged in a mini PC-style box 
rather than the mini laptop-style for- 
mats of Netbooks. 


Kangaroo TV 


tion possibilities, easier standard- 


ized device driver development, 
easier graphic application devel- 
opment with embedded Qt, 
availability of codec open-source 
libraries and a small footprint, 
among others. 


Linux also has allowed Kangaroo 
to offer advanced features, says 
Arseneau, such as video fluidity 
and audio quality with low latency 
and a high level of user customiza- 
tion. The device is upgradeable 
through the USB port by becoming 
a mass storage to the PC. 


low-end models, this could be good 
news for Linux. However, as costs come 
down and RAM/Flash becomes higher 
density, the barriers to using Windows 
(depending on Microsoft's price posi- 
tioning) could make Windows afford- 
able. But clearly, the lower the end-user 
pricing of a Netbook, the less likely it is 
going to be able to afford a full-function 


“But clearly, the lower the end-user pricing 
of a Netbook, the less likely it is going to 
be able to afford a full-function MS OS 
like Windows XP or Vista.”—nrick Lehrbaum 


The [articles on Netbooks by 
Lehrbaum, linked to in the Resources 
section] project the Netbook market will 
reach 50 million units by 2012, up from 
about 5 million this year. Obviously, 
given Linux as a baseline OS in the 


MS OS like Windows XP or Vista. 

So there is exciting potential here for 
Linux. Furthermore, bearing in mind that 
the whole idea of Netbook is the Net— 
that is, Web-based applications are cen- 
tral to its functioning. Thus, a Netbook is 
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a bit like an Internet-connected thin 
client, and Linux does very well in such 
scenarios. Consequently, Netbooks 
should be considered a very high-priority 
target for Linux, just as mid- to high-end 
mobile phones are an important battle- 
ground for embedded Linux. 

And, just as Netbooks are a fertile 
field for Linux, the same is true with 
Nettops—devices in which much of the 
heavy-lifting apps are Internet-based, 
and the device itself mainly needs a 
browser, e-mail client (not even 
required), media players and other basic 
functions, but are not expected to be 
true PCs that run every app you might 
want to try to load from a DVD. 


Powers: Yes, indeed. The Eee PC 
began a trend that not only caught 

on like wildfire, but also significantly 
displayed Linux as a viable operating 
system for standard computer usage. 
We're just beginning to see how the 
Linux Netbook idea will change comput- 
ing. The Netbooks are smaller than 
standard computers (or even note- 
books), so they have a lot in common 
with handheld devices, and yet they are 
fully functional, so they demonstrate 
some of the same characteristics as a 
standard desktop solution. | think 
Netbooks might bridge the gap and 
open the door for vendors to take 
another look at pre-installing Linux on 
OEM hardware—even on the big desk- 
top machines. That’s my hope anyway. 


Weinberg: Embedded Linux is already 
incredibly ubiquitous in intelligent 
devices. The real question is “What 
would change the game?” | think 
there are two vectors that could boost 
embedded Linux positioning: 


1. Truly open mass-market devices running 
Linux plus enabling middleware that 
would engender and excite both ISVs 
and a targeted developer community. 


2. Highly differentiated devices where 
Linux at the core would make a real 
impression on end users and build 
brand equity. 


| haven't seen either of those situ- 
ations emerge yet, but then again, 
other embedded platforms don’t enjoy 
either scenario. Most RTOSes are 
100% invisible to end users (except 


TomTom GO 930 


(www.tomtom.com) 


TomTom’s GO 930 is one of the 
slicker portable navigation devices 
(PNDs) running Linux that has 
caught our experts’ attention. Just 
switch on the GO 930 and get 
moving, right out of the box, to 
find any address in the US, Canada 
or Europe, complete with turn-by- 
turn spoken instructions. Bill 


Weinberg raves about the TomTom 


devices because they offer “a 
great experience at an aggressive 
price and have features that | really 
love”. He touts the community- 
based points of interest and IQ 
Routes (explained below), as well 
as TomTom’s humorous approach 
to in-car navigation. For instance, 
you can choose John Cleese’s voice 
to guide you, chuckling your way 
from point A to point B. 


Although TomTom is coyest of all 
about sharing information on its 
Linux internals, it trumpets the IQ 


when they fail). Even Windows Mobile 
does not enjoy ubiquitous end-user 
pull, nor much popularity among 
developers, even if in some markets 
it’s the only game in town. 


What limitations or barriers 
need to be overcome for 
world domination by Linux 
in the devices space? 


Kingman: Well, Linux has been the 
dominant device OS since 2003 or 
2004, according to the market research 
| see. For it to continue, | see three 
hurdles to clear: 


1. Each vertical market may ultimately 
need to fight fragmentation by form- 
ing an industry group and/or support 
existing standardization efforts, like 
CELF, LiMo, the LF and so on. That 
way, the “value line” separating what 
you get for free vs. where you start 
differentiating your product can con- 
tinue to rise, which in turn will attract 
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TomTom’s GO 930 


Routes that Weinberg enjoys. 
These are optimal driving routes 
that have been gathered by its 
users, calculated by gathering 
voluntary, anonymous historical 
driving data from more than 
seven million users. 


But, the GO 930 isn’t the only 
Linux-driven PND in TomTom’s 
lineup—all of the company’s prod- 
ucts are and have been since 2004. 


new adopters. Linux is a collabora- 
tion, and | suspect that the better we 
work together, the bigger it will get. 


2. Within the limitations of the fast 
product development cycles embed- 
ded Linux developers have to deal 
with, it would be great if more of 
them would get involved in Linux 
kernel development. By “active role”, | 
mean tracking current kernel versions 
when feasible during development and 
submitting patches to the LKML. This 
saves Linux from being wholly shaped 
by enterprise server companies, but it 
also makes things easier when the 
time comes to port your stack forward 
to a new kernel version (if you ever 
plan to do that), especially if your 
patches are accepted. 


3. It would be great if things continue 
to get easier, financially, for the com- 
mercial embedded Linux OS and tool 
providers like MontaVista, Wind 
River and others. These companies 
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FEATURE Linux Device Roundup 


MooBella 


Our beloved Linux can do almost 
anything, including producing 
real, fresh ice cream in 45 sec- 
onds flat! Well, it used to do 
that anyway. For almost three 
years, Linux was the OS inside 
the MooBella Ice Cream System, 
a device that produces hard- 
packed ice creams fresh to order. 
The device also used Firefox and 
open-source SQL databases. 
LinuxDevices.com’s Henry 
Kingman interviewed MooBella’s 
VP of Engineering, Jim Baxter, 
who spoke highly of Linux, 
saying, “This product has gotten 
further than | ever imagined, 

in my wildest dreams.” 


Then in early 2008, MooBella 
switched manufacturers, the new 
one a Windows-only shop chosen 
for non-OS-related reasons, said 


contribute quite a bit to open-source 
projects, like Linux and Eclipse, as 
well as to standards bodies and 
industry groups, helping to ensure 
that embedded interests are well 
represented in key projects. 


Lehrbaum: One area of concern is the 
lack of a truly dominant, mainstream, 
free graphical application toolkit for 
device applications based on Linux. Qt is 
popular, but there are licensing and roy- 
alty requirements for commercial device 
applications. This could result in design 
wins for Windows CE, which is offered 
at a fairly low royalty rate to OEMs, and 
which has excellent and inexpensive 
development tools. 


Powers: If you look at the number of 
Linux-based devices in the market now— 
not a whole lot needs to be done. | think 
perhaps we need to market “Linux 
Inside” stickers, so people actually know 
there’s a penguin under the hood. 

If you look slightly outside the gadget 
or device arena, however, there are a few 
hurdles that are still sizable. | have a 
friend who works for Honeywell, design- 
ing hardware-testing solutions. Much of 


MooBella 


Bob Brooks, MooBella’s Director of 
Marketing. Although we are sad- 
dened to see such a neat device 
move over to the other side, it’s a 
great feeling to know that our 
favorite OS can help make your 
favorite ice cream! 


the firmware and software he develops 
for the hardware is still in MS-DOS. Many 
vendors are still embedding with DOS 
and providing only DOS drivers for their 
hardware. Since he’s a friend, I’ve been 
hounding him for years to start switching 
over to Linux instead of building layers of 
DOS on top of Windows solutions, but in 
the end, he's held hostage by hardware 
vendors not opening up their specs 
enough to allow a programmer any 
access outside their proprietary DOS or 
Windows drivers. Because much of what 
he builds is mission-critical (and often 
could endanger lives), reverse-engineering 
isn't something he feels confident doing. 
It's very frustrating. 


Weinberg: In real-world terms, “world 
domination” and 30%+ market share 
are almost synonymous. However, some 
ongoing barriers to adoption include: 


@ The refusal by the kernel developer 
community to stabilize kernel APIs 
and driver architecture to help OEMs 
and OSVs “future-proof” device 
drivers. The mismatch between the 
practices of this important community 
and actual industry practices is a gap 
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that neither side is ready to bridge. 


@ The hazy definition of “embedded 
Linux” and “mobile Linux” that is 
presented to ISVs and other develop- 
ers not currently familiar with Linux. 
Although Windows/CE/Mobile, 
Symbian and Java are actually rather 
fragmented of their own accords, 
they at least provide the appearance 
of unified APIs and SDKs. The situa- 
tion for Linux is improving. See the 
emerging quasi-standardized APIs 
from LiMo, OHA and others. 


Mf The insistence of many embedded 
industry players, advocates and 
opponents of embedded Linux alike, 
in perpetuating concerns about GPL 
and other OSS licensing terms. 
Reciprocity need not be equated with 
“infection” and “contamination”. 


Are there any “dud” devices 
out there that don’t live up to 
their promise in your view? 


Kingman: Any Linux device released 
without source code or a promise to 
provide it is a dud in my book. There 
tends to be more GPL license violations 
in the device world, | guess because 
people think that no one will notice or 
want to modify software that's “embed- 
ded” inside a device. But, it’s pretty obvi- 
ous which devices out there run Linux. 
Usually, you can tell from a glance at the 
spec sheet—let alone any of the more- 
technical telltale fingerprints. 


Lehrbaum: The Nokia 770. I’ve had 
one since it came out and have updated 
to the latest released OS for it, but | 
have to say that its capabilities are 
quite disappointing—particularly in 
comparison to how well Apple’s iPhone 
performs on a small touchscreen. 


Powers: Well, my Eee PC's tiny key- 
board annoys me, but my fat fingers 
shouldn't count as a strike against 
ASUS. If there's a potential dud, it 
would be with the saturation of 
Netbook solutions from multiple ven- 
dors, and multiple revisions from the 
same vendors. I’m not sure whether 
that means it's a dud or just the natural 
progression of a viral product idea, but | 
do worry that it will start to veer people 
away from the tiny Notebook concept. 
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Conference: When SC08 opens November 15, 2008 in Austin, Texas, 
= the conference series will celebrate its 20th anniversary as 


= the premier international conference on high performance 
Nov. 15 21, 2008 computing, networking, storage and analysis. The confer- 
ence features the latest scientific and technical innovations 


Exhibition: from around the world. Bringing together scientists, 
engineers, researchers, educators, programmers, system 
Nov. 17-20, 2008 administrators and managers, SC08 is the forum for 
demonstrating how these developments are driving new 
z 7 ideas, new discoveries and new industries. 
Austin Convention Center 
Austin, Texas Plan now to be a part of SC08 and its program of trailblaz- 
ing technical papers, timely tutorials, invited speakers, 
up-to-the-minute research posters, entertaining panels 
and thought-provoking birds-of-a-feather sessions. 
New for 2008 will be two Technology Thrusts: Energy 
and Biomedical Informatics. Additionally, exhibits from 
industry, academia, and government research organiza- 
tions will demonstrate the latest innovations in computing 
and networking technology. SCO08 promises to be the most 
exciting and innovative SC conference yet! 


oe 
SCOS 


AUSTIN, TX 


’ For complete information, visit the SC08 Web site 


C08 Sponsors: at www.scO8.supercomputing.org 


IEEE Computer Society 
ACM SIGARCH 


cb Q ren 
SOCIETY 


S- 
< 
= 
O 
— 
Lu 
M 
O- 
O 
WY) 
MM 
— 
Y) 


Weinberg: It’s best to reference the 
reviews on LinuxDevices.com. The 
biggest dud concept, however, is that 
Linux-based phones confer almost none 
of the virtues to those devices that the 
OS does to other devices. 


Kingman: Limiting myself to currently 
available offerings: 


m@ Netflix Player—instant movie 
gratification! 


@ Nokia N810—sofa surfing! 
@ Motorola U9—ooh, curvy! 
@ MooBella ice cream machine—moo! 
M@ The ones you build yourself—custom! 


Lehrbaum: As mentioned above, the 
Roku Netflix box. Key features are its 
low cost, simplicity, low power con- 
sumption, ease of wireless configuration 
and a very nice, clean Ul. 


Powers: Although I’ve never touched 
one, the Nokia devices look like awe- 
some little handheld devices. The 

ASUS Eee PC 701 was very significant, 


LinuxDevices.com: linuxdevices.com 


DeviceGuru: www.deviceguru.com 


and even if just by merit of originality, 
it's one of my favorites. | like the 
OpenMoko FreeRunner, and although 
it's not ready for prime time yet, | 
think it might be a huge boon to 
Linux-based cellular phones. Add in 
the adorable Tux Droid, and | think 
you have a handful of really nifty 
Linux devices. One is even penguin- 
shaped. [See page 46 for a review of 
the OpenMoko Neo FreeRunner and 
page 64 for an article on hacking 
Nokia Internet tablets. ] 


Weinberg: On a purely personal note, 

some of my favorite Linux-based devices 

from recent years include: 

@ TomTom navigation systems. 

@ Kangaroo TV (NASCAR streaming video). 

@ Dash in-car navigation with real- 
time interactive traffic data. [See 
Kyle Rankin’s review of the Dash 


on page 50.] 


m BMW Series 3 and 5 vehicles.m 


James Gray is Linux Journal Products Editor and a graduate 
student in environmental sciences and management at 
Michigan State University. A Linux enthusiast since the 
mid-1990s, he currently resides in Lansing, Michigan, 
with his wife and cats. 
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INDEPTH 


Automate System 
Administration Tasks with 


Puppet 


Use Puppet for configuration management. SEAN WALBERG 


If you have more than one UNIX box in your care, you know 
how duplication happens. Every machine needs a common set 
of settings. Package upgrades need to be deployed. Certain 
packages need to be on every server. 

You also want to make sure that any changes to your 
systems happen in a controlled manner. It’s one thing to start 
off with two servers that are similarly configured; it's another 
thing to know they're the same a year later, especially if 
other people are involved. 

Puppet is a system for automating system administration 
tasks (in the author’s own words). In the Puppet world, you 
define a policy (called a manifest) that describes the end state 
of your systems, and the Puppet software takes care of mak- 
ing sure the system meets that end state. If a file changes, it is 
replaced with a pristine copy. If a required package is removed, 
it is re-installed. 

It is important to draw a distinction between shell scripts 
that copy files between systems and a tool like Puppet. The 
atter abstracts the policy from the steps required to make a 
system conform. Puppet is smart enough to use apt-get to 
install a package on a Debian system and yum on a Fedora 
system. Puppet is smart enough to do nothing if the system 
already is conformant to the policy. 

The Puppet system is split into two parts: a central server 
and the clients. The server runs a daemon called puppetmaster. 
The clients run puppetd, which both connects to, and receives 


Packages Are Good 


Some people scoff at the idea of using a prebuilt binary pack- 
age and prefer to build everything from source. That'll work, 
but it just doesn’t scale. When you get further along with 
Puppet, you'll see how your manifest can manage packages 
with a single line. It's certainly possible to specify all the files 
you built, but then you're putting in a lot of needless effort. 


You can (and should) build your own packages where needed. 
Packaging your own applications means you will build the 
software consistently, version after version, so that files will 
be in the same place and you won't accidentally drop fea- 
tures. Building your own packages also handles dependencies 
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connections from, the puppetmaster. The manifest is written 
on the puppetmaster. If Puppet is used to manage the central 
server, it also runs the puppetd client. 

The best way to begin with a configuration management 
system like Puppet is to start with a single client and a simple 
policy, and then roll it out to more clients and a more complex 
policy. To that end, start off by installing the Puppet software. 
Puppet is written in the Ruby scripting language, so you need 
to install that before you begin (Ruby is available as a package 
for most distributions). 


Installation 
If you choose to install from source, you need the facter and 
puppet tarballs from the author's site: 


® http://reductivelabs.com/downloads/facter/facter-latest.tgz 
@ http://reductivelabs.com/downloads/puppet/puppet-latest.tgz 


The facter tarball contains the Facter utility, which 
generates facts about the host system. Facts can be any- 
thing from the Linux distribution to whether the host is a 
virtual machine. The puppet tarball contains both puppetd 
and puppetmaster. 

Untar the files (tar -xzf facter-latest.tgz and tar 
-xzf puppet-latest.tgz). Change to the newly created 


against other packages and keeps track of software versions. 


In all likelihood, you will end up with your own package 
repository that holds your locally developed packages 
and any vendor packages that you've modified. You also 
will use Puppet to ensure that your clients are pointed at 
your repository. 


Installing Puppet from a package also lets you manage 
the client's Puppet software through Puppet itself. Need 
to upgrade in order to get more features? Simply update 
your manifest. 


facter directory, and run ruby install.rb as root. You will 
do the same for the puppet directory, which installs both the 
client and server packages. 

Then, run: 


puppetmasterd --mkusers; chown puppet /var/puppet 


on the puppetmaster to create the puppet user (which 
also creates the initial directory structure and then fixes 
a permissions problem). You can skip this step if you are 
installing from packages. 

On the client, run: 


puppetd --mkusers; puppetd --server puppet.example.com --test 


substituting the name of your puppetmaster for 
puppet.example.com, which creates the user and directory 
structure on the client, and then begin the SSL key 
exchange between the client and the server. You will get 
an error about certificate validation, because the certifi- 
cates are not trusted yet. 

Back on the puppetmaster, run puppetca --list to show 
the outstanding certificate requests. You then can use puppetca 
--sign to accept the certificate, as shown below: 


[root@test1 etc]# puppetca --list 

test2.ertw.com 

[root@test1 etc]# puppetca --sign test2.ertw.com 
Signed test2.ertw.com 


At this point, the client and server have a mutually 
trusted connection. The next step is to define the manifest. 
For this article, I'm using the network time protocol (NTP) 
dzemon as an example. The goal is to define a manifest 
that ensures the demon is installed, configured and in the 
boot sequence. 


Defining the Manifest 
In Puppet terms, a resource is something being managed 
and the attributes that define it. A resource might be a file 
that has permission attributes or a package with a name 
and a version. Puppet comes bundled with many resource 
types; you also can create your own or download those 
that others have made. 

The central manifest is defined in /etc/puppet/manifests/site.pp. 
Start with a simple resource defining the NTP package: 


package { 
ntp: 
ensure => installed 


The above defines a package resource called ntp with one 
attribute called ensure. The ensure attribute defines the state 
of the package, with values such as installed, absent, latest or 
even a version number. 

Puppetmaster will notice the change in site.pp and reload 


the manifest. The client will check in only every half-hour, so 
you can restart puppetd or send the process the SIGUSR1 
signal to force the client to check back with the server 
immediately. If all goes well, your client will read the mani- 
fest and install the ntp package. Try removing the package, 
and it will be replaced within 30 minutes. If not, check your 
logs (usually /var/log/messages) for any errors, and make 
sure your site.pp is correct. 

NTP also requires a configuration file called /etc/ntp.conf. 
Puppet has a resource type called file that handles files. The 
puppetmaster will hold the master ntp.conf and copy it to the 
clients should they change their copies. 

Create a directory in /var/puppet called files. Then, 
create /etc/puppet/fileserver.conf as shown below, and 
restart puppetmasterd: 


[files] 
path /var/puppet/files 
allow * 


fileserver.conf defines file shares for the internal 
Puppet file server. The above example implements a share 


It is important to draw a 
distinction between shell 
scripts that copy files between 
systems and a tool like Puppet. 


called files, which corresponds to a directory on the 
puppetmaster called /var/puppet/files. Use a URL like 
puppet://puppet.example.com/files/etc/ntp.conf to access a file 
located at /var/puppet/files/etc/ntp.conf on the puppetmaster. 
The allow * grants access to all puppet clients. 

Put a working ntp.conf in /var/puppet/files/etc/, and then 
add the following to your existing site.pp: 


file { 
"ntp.cont": 
mode => 644, 
owner => root, 
group => root, 
path => "/etc/ntp.conf", 
source => “puppet://puppet.example.com/files/etc/ntp.conf" 


The format of this file resource is much like the package 
you previously set up. The resource has a tag of ntp.conf 
(which is quoted because of the period). The mode, owner 
and group attributes specify the file’s permissions. The path 
attribute is the local path, which, if omitted, defaults to the 
value of the tag (the tag does not have a full path in this 
case, however). Finally, the file’s source is a puppet URI that 
will be pulled from the puppetmaster. 

Restart the puppet daemon on the client (or wait 30 
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minutes), and you will see ntp.conf has been updated. If you 
try to change it, you will see that it is replaced in the next cycle. 

The final resource needed is the service resource, whose 
job is to make sure a daemon is running and that the damon 
is in the startup scripts (or not, if that’s your desire). Add the 
following fragment to your site.pp: 


service { 
ntpd: 
ensure => true, 
enable => true, 
subscribe => [ File["ntp.conf"], Package[ntp] ] 


The service resource handles the ntpd service. The ensure 
attribute makes sure the daemon is running, and the enable 
attribute makes sure it is part of the startup script. The 
mechanics of this are handled by a provider, and each OS and 
distribution can have a different provider for each type of ser- 
vice. On Red Hat and Fedora systems, the service provider uses 
the chkconfig and service utilities. 

The subscribe attribute brings the three resources 
together. The service resource is subscribed to the ntp.conf 
file resource and the ntp package resource. If any one of 
them change, the service resource is notified, which is an 


Puppet comes bundled with 
many resource types; you also 
can create your own or download 
those that others have made. 


indication that the service should be restarted. This means 
you can push out changes by editing the master file on 
the puppetmaster, and on the next cycle, the client will 
download the new configuration and restart the daemon 
without your intervention. 

The subscribe attribute can take either a single element, 
such as Package[ntp], or multiple elements written in array for- 
mat, such as [ element1, element2]. Also be careful to capitalize 
the reference, as the lowercase version has been deprecated and 
will not work at some point in the future. 


Introducing Classes 

Although powerful, these resource definitions can become 
unwieldy. Puppet has ways around this too. Create a directory 
under manifests called services, and create a file in this directory 
called ntpclient.pp with the following contents: 


class: ntpelient: { 
package { 
ntp: 
ensure => installed 
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Fite { 
"ntp.conf": 

mode => 644, 

owner => root, 

group => root, 

path => "/etc/ntp.conf", 

source => 

"puppet://puppet.example.com/files/etc/ntp.conf", 

i 


service { 
ntpd: 
ensure => true, 
enable => true, 
subscribe => [ File["ntp.conf"], Package [ntp] ], 


This new file contains the three resources you created 
earlier, surrounded by a class definition. A class groups 
several resources, which simplifies your configuration and 
promotes manifest sharing. 

Now, replace your site.pp with this simplified manifest: 


import "services/*" 
include ntpclient 


The import line reads in all the files inside the services 
directory. The include line evaluates the class, which means 
that the class will be applied to the node. This configuration 
has the same effect as the one before, except the NTP client 
functionality now has been bundled into the class. 


Getting Selective 

So far, the manifest has assumed that all clients get the same 
configuration. The easiest way to give different configurations 
to different clients is with a node definition. A node definition 
applies a series of configuration directives to a given set of 
nodes. Replace your site.pp as follows: 


import "services/*" 


node test2, test3 { 
include ntpclient 


node default { 


With this policy in place, only test2 and test3 will have the 
ntp client class applied. Any other client will be caught by the 
default statement, which has no resources defined. 

Facter is another way to differentiate hosts. Facter gen- 
erates facts about a machine, such as the operating sys- 
tem, hostname and processor. Simply type facter to see a 


list of the currently known facts. Here is a subset of the 
facts generated on one of my test machines: 


architecture => 1386 

domain => ertw.com 

facterversion => 1.3.8 

fqdn => test2.ertw.com 

hardwareisa => 1686 

hardwaremodel => 1686 

hostname => test2 

id => root 

ipaddress => 192.168.1.143 

ipaddress_ethO => 192.168.1.143 

kernel => Linux 

kernelrelease => 2.6.18-8.e15xen 
Isbdistcodename => Final 
Isbdistdescription => CentOS release 5 (Final) 
lsbdistid => CentOS 

Isbdistrelease => 5 

macaddress => 00:16:3E:5D:22:17 
macaddress_ethO => 00:16:3E:5D:22:17 
memoryfree => 159.17 MB 

memorysize => 256.17 MB 

operatingsystem => CentOS 
operatingsystemrelease => 2.6.18-8.e15xen 
processor® => Intel(R) Pentium(R) 4 CPU 1.80GHz 
processorcount => 1 

ps => ps -ef 

puppetversion => 0.24.2 


Facts are exposed in the manifest as variables. The 
operatingsystem fact is seen as $operatingsystem. A common 
use of this is to make the same resource behave differently, 
depending on the operating system: 


file “too” 
name => $operatingsystem ? { 
solaris => "/usr/local/etc/foo.conf", 
default => "/etc/foo.conf" 


The above example uses a Puppet selector to set the name 
attribute instead of a static string. A selector is much like a 
case statement in that it can return different values depending 
on the input. This file resource refers to /usr/local/etc/foo.conf 
on Solaris systems and /etc/foo.conf on other systems. The 
system type is determined from the input to the selector, 
which is the $operatingsystem Facter variable. 

You can add your own facts by writing a Ruby script. See 
Resources for links to documentation for adding custom facts. 


Puppet vs. the Alternatives 

My first experience with configuration management was with 
a product called cfengine. With cfengine, | was able to man- 
age a Web cluster of 14 servers easily and reduce the time to 
install a new node from several hours to a matter of minutes. 


Puppet's author has a great deal of cfengine experience and 
built Puppet to address many shortcomings of cfengine. 

Given that cfengine has a much wider install base than 
Puppet, why would one choose Puppet? After comparing the 
two, I've discovered several reasons. First, Puppet has a much 
cleaner configuration than cfengine. In the cfengine world, 
you are concerned with the ordering of certain operations, 
whereas Puppet handles ordering with the subscribe attribute 
(and some others). 

Cfengine has many commands for adding and removing 
lines from files, which don’t exist natively in Puppet. Puppet 
addresses this by providing native resource types for many 
of the systems that | found myself editing by hand, such as 
mountpoints. Using a dedicated resource type means the 
manifest is clear and simple. 

Cfengine is open source, but it has a more closed commu- 
nity than Puppet. You can extend cfengine through modules, 
much akin to Puppet's recipes and facts, but it is nowhere near 
as integrated. Puppet seems designed from the start to be 
extensible, where cfengine feels like an afterthought. Puppet 
also promotes recipe sharing by making them modular, where 
sharing cfengine code is more difficult because the resources 
are in different parts of the cfengine policy. 

Puppet is written in Ruby, and cfengine is written in C. 
Initially, | thought this was an advantage for cfengine, but 
after getting into Puppet, | realized it’s not a big deal. Puppet's 
author takes great pains to abstract Puppet’'s configuration 
from the Ruby language, so no knowledge of Ruby is needed. 

| found the learning curve for cfengine to be the steepest. 
Granted, | had no understanding of configuration manage- 
ment when starting with cfengine, and | had some cfengine 
experience by the time | started with Puppet, but many of my 
stumbling blocks have been fixed in Puppet. 

Both projects offer support over their IRC channels. 
Cfengine has an extensive on-line manual and a fair bit 
of third-party documentation on other Web sites. Puppet 
has an excellent wiki and a comparable amount of third- 
party documentation. 

Although Puppet is younger compared to cfengine, its 
openness and extensibility are what make it a better choice 
than cfengine. 
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Resources 


Puppet's Home Page: reductivelabs.com/trac/puppet/wiki 


Annotated Links on Using Puppet: del.icio.us/SeanW/puppetlj 
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The Browser Platform 


Google makes good on an ancient Netscape promise. Doc SEARLS 


What Netscape was to Web 1.0, Google is 
to Web 2.0. Like Netscape, Google is Net- 
native, pioneering, hacker-friendly, generous 
and likable. It charges for some stuff, but the 
most popular stuff it gives away for free. 
That's because it groks the Because Effect: you 
make money because of what you give away 
for free. Netscape made money with server 
software because it gave away the browser. 
Google makes money with advertising 
because it gives away search—and a growing 
portfolio of other services and applications 
that create vast new environments where 
advertising can be placed. 

But, one gets major déja vu watching 
Google succeed at doing exactly what 
Netscape wanted to do more than a decade 
ago, which was make the Web itself into a 
platform, with the browser serving as a kind 
of operating system. Netscape failed that mis- 
sion for a variety of reasons, the most obvious 
of which was taunting Microsoft. In a long 
Wired story about the Microsoft antitrust 
case, John Hieleman wrote: 


..here was Andreessen publicly pro- 
claiming in the summer of 1995 that 
Netscape’s plan was to reduce 
Windows to “a poorly debugged set 
of device drivers.” “They didn’t save 
it up”, Myhrvold said. “They fucking 
pulled up alongside us and said, ‘Hey, 
sorry, that guy’s already history.’” 


The tactic drove Redmond into a 
rage. The day after Andreessen’s 
quote appeared in the press, John 
Doerr, the prominent venture capital- 
ist and Netscape board member, 
received a chilling e-mail from Jon 
Lazarus, one of Gates’ key advisers. In 
its entirety, it read, “Boy waves large 
red flag in front of herd of charging 
bulls and is then surprised to wake 
up gored.” 


That was back when Microsoft was 
still, as Bill Gates loved to say, “hard core”. 
It was at the top of its game, which was 
Xtreme Business Hardball. There are legal 
limits on how hard you can play that game, 
as Microsoft found out when the feds went 


after the company. But Netscape’s wounds 
were also self-inflicted. As | put it in “The 
Shrinking Subject” in 2000, “For a year or 
two, Netscape looked like it could do no 
wrong. It was a Miata being chased down a 
mountain road by a tractor trailer. As long as 
it moved fast and looked ahead, there was no 
problem with the truck behind. But at some 
point, Netscape got fixated on the rear-view 
mirror. That's where it was looking when it 
drove off the cliff.” 

It also failed to execute. As | put it in that 
same article, “Worst of all, it bloated the 
browser from a compact, single-purpose tool 
to an immense contraption that eventually 
included authoring software, a newsgroup 
reader, a conferencing system and an e-mail 
client—all of which were done better by 
standalone applications.” 

Today, Netscape is a skin mounted on 
an AOL wall. Netscape.com now redirects 
to netscape.aol.com. And the last Netscape 
Navigator-branded browser rolled off the 
line early this year. Meanwhile, Google has 
authoring software (Blogger), a whole 
e-mail system (Gmail), all of Usenet, Google 
Groups, an on-line calendar, a document 
system and lots of other stuff. Some of it 
(Google Toolbar, Gmail) can bloat a browser, 
but only if the user wants it. Otherwise, 
Google has seemed content to let its spin- 
off, Mozilla, with Firefox, gradually eat 
away at Microsoft's dominant browser 
share—both by being a good product and 
by serving as host to an endless variety of 
extensions and plugins. 

That is, until early September 2008. That's 
when Google announced Chrome—a new 
browser that really does serve the role of an 
operating system. Google explained Chrome 
through a 39-page series of illustrations in 
comic book style by the brilliant Scott 
McCloud. With Chrome, tabs aren't just for 
Web pages. They're for processes, “each 
having its own memory and its own copy of 
the global data structure”. Sound familiar? 
The doc adds, “We're applying the same kind 
of process isolation you find in modern oper- 
ating systems. Separate processes rendering 
separate tabs.” 

Chrome uses WebKit, the open-source 
rendering engine that began as KDE's KHTML 
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software library, then grew through work by 
Apple and a list of other companies that now 
include Nokia, Trolltech, Adobe and Google. 
Chrome also adds a pile of other new 
browser building materials, including Gears 
and the V8 JavaScript engine. All are open 
source (using the BSD license). 

The Chrome comic concludes, “We hope 
v8's performance will set a new bar, and that 
he other development teams will continue 
o improve in this space. Because if you 
ook at any other system that’s become 
aster over time, what happens is you get 
bigger, better, more inventive apps.” 

Especially Google’s huge back-end apps 
he run in the cloud. In his blog, Nick Carr 
writes, “To Google, the browser has 
become a weak link in the cloud system— 
he needle’s eye through which the outputs 
of the company’s massive data centers 
usually have to pass to reach the user— 
and as a result, the browser has to be 
rethought, revamped, retooled, modern- 
ized. Google can’t wait for Microsoft or 
Apple or the Mozilla Foundation to make 
the changes...so Google is jump-starting 
the process with Chrome.” 

Netscape may have lost the “browser 
war” long ago, but Google is winning at a 
different game entirely—one in which the 
browser is just a way of organizing applica- 
tions, documents and other things users need 
to make the most of where they all now live, 
which is on the Net. Not on a desktop 
operating system. And, let’s not forget that 
most of the cloud's services run on Linux 
servers. Including nearly all of Google's. 

At the time of this writing, Chrome is still 
available only for Windows. Google promises 
Mac and Linux versions as soon as possible. 
When Chrome comes out on Linux, it will 
be interesting to see if it will be to Linux's 
advantage to have a browser, rather than 
an operating system, serving as an applica- 
tion framework. If that’s the case, maybe 
the best-debugged set of device drivers will 
finally win on the desktop too.m™ 
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